Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	5
Example	AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.
Explanation	An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect.
Recommended action	1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, contact H3C Support.

AAA_LAUNCH

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.
Explanation	An AAA request was received.
Recommended action	No action is required.

AAA_SUCCESS

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.
Explanation	An AAA request was accepted.
Recommended action	No action is required.

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.
Explanation	Hardware resources were insufficient for accelerating an ACL.
Recommended action	Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text	Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.
Explanation	ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.
Explanation	ACL acceleration failed because the system does not support ACL acceleration.
Recommended action	No action is required.

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] ACL [UINT32].
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.
Explanation	ACL acceleration failed because of an unknown error.
Recommended action	No action is required.

ACL_DYNRULE_COMMENT

Message text	The comment of [STRING], which was generated dynamically, can't be added or deleted manually.
Variable fields	$1: Dynamic ACL rule information.
Severity level	6
Example	ACL/6/ACL_DYNRULE_COMMENT: The comment of IPv4 ACL 3000 rule 1, which was generated dynamically, can't be added or deleted manually.
Explanation	The comment of a dynamic ACL rule can't be added or deleted manually.
Recommended action	No action is required.

ACL_DYNRULE_MDF

Message text	[STRING], which was generated dynamically, was deleted or modified manually.
Variable fields	$1: Dynamic ACL rule information.
Severity level	5
Example	ACL/5/ACL_DYNRULE_MDF: IPv4 ACL 3000 rule 1, which was generated dynamically, was deleted or modified manually.
Explanation	A dynamic ACL rule was deleted or modified manually.
Recommended action	Make sure deleting or modifying the dynamic ACL rule does not affect ongoing services on the network.

ACL_IPV6_STATIS_INFO

Message text	IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the IPv6 ACL rule changed.
Recommended action	No action is required.

ACL_NO_MEM

Message text	Failed to configure [STRING] ACL [UINT] due to lack of memory.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	3
Example	ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.
Explanation	Configuring the ACL failed because memory is insufficient.
Recommended action	Use the display memory-threshold command to check the memory usage.

ACL_RULE_REACH_MAXNUM

Message text	The maximum number of rules in [STRING] ACL [UNIT32] already reached.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	5
Example	ACL/5/ACL_RULE_REACH_MAXNUM:The maximum number of rules in IPv4 ACL 3000 already reached.
Explanation	A dynamic ACL rule failed to be added because the maximum number of rules in the ACL already reached.
Recommended action	Delete unused ACL rules.

ACL_RULE_SUBID_EXCEED

Message text	The rule ID in [STRING] ACL [UNIT32] is out of range.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	5
Example	ACL/5/ ACL_RULE_SUBID_EXCEED: The rule ID in IPv4 ACL 3000 is out of range.
Explanation	A dynamic ACL rule failed to be added because the rule ID is out of range.
Recommended action	Modify the rule numbering step for the ACL.

ACL_STATIS_INFO

Message text	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the IPv4 ACL rule changed.
Recommended action	No action is required.

ADVPN messages

This section contains ADVPN messages.

ADVPN_SESSION_DELETED

Message text	An ADVPN tunnel was deleted: tunnel interface=[STRING], private addr=[STRING], public addr=[STRING], peer private addr=[STRING], peer public addr=[STRING], type=[STRING], last state=[STRING], last state duration=[STRING], domain name=[STRING], ADVPN group name=[STRING].
Variable fields	$1: Tunnel interface name. $2: Private address of the ADVPN tunnel. $3: Public address of the ADVPN tunnel. $4: Peer private address of the ADVPN tunnel. $5: Peer public address of the ADVPN tunnel. $6: ADVPN tunnel type. $7: Last state of the ADVPN tunnel. $8: Duration for the last state of the ADVPN tunnel, in the format of xH yM zS. $9: ADVPN domain name. $10: ADVPN group name.
Severity level	4
Example	ADVPN/4/ADVPN_SESSION_DELETED: An ADVPN tunnel was deleted: tunnel interface=888, private addr=112.168.60.56, public addr=192.168.60.137,peer private addr=112.168.60.18, peer public addr=192.168.60.11,type=Spoke-Hub, last state=Success, last state duration=0H 8M 8S,domain name=abc, ADVPN group name=
Explanation	An ADVPN tunnel was deleted.
Recommended action	Check the network connectivity and configuration.

ADVPN_SESSION_STATE_CHANGED

Message text	ADVPN tunnel state changed from [STRING] to [STRING]: tunnel interface=[STRING], private addr=[STRING], public addr=[STRING], peer private addr=[STRING], peer public addr=[STRING], type=[STRING], last state=[STRING], last state duration=[STRING], domain name=[STRING], ADVPN group name=[STRING].
Variable fields	$1: Original state of the ADVPN tunnel. $2: New state of the ADVPN tunnel. $3: Tunnel interface name. $4: Private address of the ADVPN tunnel. $5: Public address of the ADVPN tunnel. $6: Peer private address of the ADVPN tunnel. $7: Peer public address of the ADVPN tunnel. $8: ADVPN tunnel type. $9: Last state of the ADVPN tunnel. $10: Duration for the last state of the ADVPN tunnel, in the format of xH yM zS. $11: ADVPN domain name. $12: ADVPN group name.
Severity level	4
Example	ADVPN/4/ADVPN_SESSION_STATE_CHANGED: ADVPN tunnel state changed from Establishing to Success: tunnel interface=888, private addr=112.168.60.56, public addr=192.168.60.137,peer private addr=112.168.60.18, peer public addr=192.168.60.11,type=Spoke-Hub, last state=Establishing, last state duration=0H 0M 5S,domain name=abc, ADVPN group name=
Explanation	The state of an ADVPN tunnel was changed.
Recommended action	Check the network connectivity and configuration.

AFT

This section contains AFT messages.

AFT_V4TOV6_FLOW

Message text	[STRING]:IPv6Addr=[STRING];VPNInstance=[STRING];IPv4Addr=[STRING];VPNInstance=[STRING];PortBlockRange=[UINT32]-[UINT32];BeginTime_e=[STRING]-EndTime_e=[STRING].
Variable fields	$1: Log type: ¡ AFT port block assigned. ¡ AFT port block withdrawn. ¡ AFT port block has assigned all its ports. $2: IPv6 address before AFT translation. $3: VPN instance to which the IPv6 address before AFT translation belongs. If the IPv6 address does not belong to any VPN instances, this field does not display. $4: IPv4 address after AFT translation. $5: VPN instance to which the IPv4 address after AFT translation belongs. If the IPv4 address does not belong to any VPN instances, this field does not display. $6: Start port number of a port block. $7: End port number of a port block. $8: Time when the port block was created. ¡ This field represents time when an AFT port block was assigned when the port block has been assigned or withdrawn. ¡ This field does not display when the AFT port block has assigned all its ports. $9: Time when the port block was deleted. ¡ This field represents time when an AFT port block was withdrawn when the port block has been withdrawn. ¡ This field does not display when the AFT port block has been assigned or has assigned all its ports.
Severity level	6
Example	AFT/6/AFT_PORTBLOCK: AFT port block has assigned all its ports; IPv6Addr=3006::0002;VPNInstance=;IPv4Addr=200.100.1.100;VPNInstance=;PortBlockRange=1024-1200;BeginTime_e=;EndTime_e=.
Explanation	Port block from port 1024 through 1200 that used to access IPv4 address 200.100.1.100 by IPv6 address 3006::0002 has assigned all its ports.
Recommended action	Add port block resources.

AFT_V4TOV6_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];AFTSrcIPv6Addr(1005)=[IPADDR];AFTSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];AFTDstIPv6Addr(1009)=[IPADDR];AFTDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];SrcVPNInstance(1042)=[STRING];DstVPNInstance(1043)=[STRING];BeginTime(1013)=[STRING];EndTime(1014)=[STRING];Event(1048)=[STRING].
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv4 address. $4: Source port number. $5: Source IPv6 address after AFT translation. $6: Source port number after AFT translation. $7: Destination IPv4 address. $8: Destination port number. $9: Destination IPv6 address after AFT translation. $10: Destination port number after AFT translation. $11: Total number of incoming packets. $12: Total number of incoming bytes. $13: Total number of outgoing packets. $14: Total number of outgoing bytes. $15: Source VPN instance name. $16: Destination VPN instance name. $17: Time when the session was created. $18: Time when the session was removed. $19: Event description: ¡ Session created. ¡ Session deleted.
Severity level	6
Example	aft/6/AFT_V4TOV6_FLOW: Protocol(1001)=UDP;Application(1002)=sip;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;AFTSrcIPv6Addr(1005)=100::1;AFTSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;AFTDstIPv6Addr(1009)=100::1414:1401;AFTDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;SrcVPNInstance(1042)=;DstVPNInstance(1043)=;BeginTime(1013)=03182024082546;EndTime(1014)=;Event(1048)=Session created.
Explanation	This message is sent when an IPv4-initiated session is created or removed.
Recommended action	No action is required.

AFT_V6TOV4_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];AFTSrcIPAddr(1005)=[IPADDR];AFTSrcPort(1006)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];AFTDstIPAddr(1009)=[IPADDR];AFTDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];SrcVPNInstance(1042)=[STRING];DstVPNInstance(1043)=[STRING];BeginTime(1013)=[STRING];EndTime(1014)=[STRING];Event(1048)=[STRING].
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Source IP address after AFT translation. $6: Source port number after AFT translation. $7: Destination IPv6 address. $8: Destination port number. $9: Destination IP address after AFT translation. $10: Destination port number after AFT translation. $11: Total number of incoming packets. $12: Total number of incoming bytes. $13: Total number of outgoing packets. $14: Total number of outgoing bytes. $15: Source VPN instance name. $16: Destination VPN instance name. $17: Time when the session was created. $18: Time when the session was removed. $19: Event description: ¡ Session created. ¡ Session deleted.
Severity level	6
Example	aft/6/AFT_V6TOV4_FLOW: Protocol(1001)=TCP;Application(1002)=general_tcp;SrcIPv6Addr(1036)=100::c613:102;SrcPort(1004)=1024;AFTSrcIPAddr(1005)=101.1.1.14;AFTIPSrcPort(1006)=1025;DstIPv6Addr(1037)=100::6;DstPort(1008)=1025;AFTDstIPAddr(1009)=101.1.1.1;AFTDstPort(1010)=1025;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;SrcVPNInstance(1042)=;DstVPNInstance(1043)=;BeginTime(1013)=03182024082901;EndTime(1014)=;Event(1048)=Session created.
Explanation	This message is sent when an IPv6-initiated session is created or removed.
Recommended action	No action is required.

ANCP messages

This section contains ANCP messages.

ANCP_INVALID_PACKET

Message text	-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING]; The [STRING] value [STRING] is wrong, and the value [STRING] is expected.
Variable fields	$1: ANCP neighbor name. $2: Neighbor state. $3: Message type. $4: Field. $5: Wrong value of the field. $6: Expected value of the field.
Severity level	6
Example	ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK; The Sender Instance value 0 is wrong, and the value 1 is expected.
Explanation	The system received an adjacency message that had a field with a wrong value.
Recommended action	No action is required.

ANTIVIRUS messages

This section contains antivirus messages.

APMGR messages

This section contains access point management messages.

AP_CREATE_FAILURE

Message text	Failed to create an AP with entity ID [UINT32] and model [STRING]. Reason: Region code is not available.
Variable fields	$1: AP ID. $2: AP model.
Severity level	6
Example	APMGR/6/AP_CREATE_FAILURE: Failed to create an AP with entity ID 1 and model WA2620i-AGN. Reason: Region code is not available.
Explanation	The system fails to create an AP because the AP is not specified with a region code.
Recommended action	Specify a region code in global configuration view.

AP_REBOOT_REASON

Message text	AP in Run state is rebooting. Reason: The physical status of the radio is down.
Variable fields	N/A
Severity level	6
Example	APMGR/6/AP_REBOOT_REASON: AP in Run state is rebooting. Reason: The physical status of the radio is down.
Explanation	The AP is rebooting because a physical radio interface of the AP is in down state.
Recommended action	Verify that radio settings on the AP are correct after the reboot.

APMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	APMGR/6/APMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

APMGR_AP_CFG_FAILED

Message text	Failed to reset AP [STRING]. Reason: The AP is writing an image file into the flash.
Variable fields	$1: AP name.
Severity level	4
Example	APMGR/4/APMGR_CFG_FAILD: Fa iled to reset AP ap2. Reason: The AP is writing an image file into the flash.
Explanation	AP reset failed because the AP is writing an image file into the flash.
Recommended action	Restart the AP after the AP finishes writing an image file into the flash.

APMGR_AP_ONLINE

Message text	The AP failed to come online in discovery stage. Reason: AP model [$1] is not supported.
Variable fields	$1: AP model.
Severity level	6
Example	APMGR/6/APMGR_AP_ONLINE: The AP failed to come online in discovery stage. Reason: AP model wa2620i-AGN is not supported.
Explanation	The AP fails to come online because its model is not supported by the AC and the AC cannot receive discovery requests from the AP.
Recommended action	No action is required.

APMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	APMGR/6/APMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

APMGR_GET_AP_MODEL_FAILURE

Message text	Failed to get an AP model because no region code is configured globally or for AP group [STRING].
Variable fields	$1: AP group name.
Severity level	6
Example	APMGR/6/APMGR_GET_AP_MODEL_FAILURE: Failed to get an AP model because no region code is configured globally or for AP group g2.
Explanation	Failed to obtain the models of APs in an AP group because no region code is specified.
Recommended action	Specify a global region code or specify a region code for the AP group.

APMGR_LOG_ADD_AP_FAIL

Message text	AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING].
Variable fields	$1: AP name. $2: Serial ID. $3: MAC address. $4: AP name.
Severity level	4
Example	APMGR/4/APMGR_LOG_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2.
Explanation	The AP failed to come online because a manual AP that has the same MAC address already exists on the AC.
Recommended action	Delete either the manual AP that has the MAC address or the serial ID.

APMGR_LOG_LACOFFLINE

Message text	Local AC [STRING] went offline. State changed to Idle.
Variable fields	$1: Name of the local AC.
Severity level	6
Example	APMGR/6/APMGR_LOG_LACOFFLINE: Local AC ac1 went offline. State changed to Idle.
Explanation	The local AC went offline. The state of the local AC changed to Idle.
Recommended action	1. If the local AC went offline abnormally, check the debugging information to locate the problem and resolve it. 2. If the problem persists, contact H3C Support.

APMGR_LOG_LACONLINE

Message text	Local AC [STRING] went online. State changed to Run.
Variable fields	$1: Name of the local AC.
Severity level	6
Example	APMGR/6/APMGR_LOG_LACONLINE: Local AC ac1 went online. State changed to Run..
Explanation	The local AC came online. The state of the local AC changed to Run.
Recommended action	No action is required.

APMGR_LOG_MEMALERT

Message text	The memory usage of the AC has reached the threshold.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_LOG_MEMALERT: The memory usage of the AC has reached the threshold.
Explanation	The AP failed to come online because the memory utilization exceeded the limit.
Recommended action	Stop creating manual APs and prevent APs from coming online.

APMGR_LOG_NOLICENSE

Message text	AP failed to come online in [STRING]. Reason: No license for the [STRING].
Variable fields	$1: AP state: · discover. · join. $2: AP type: · common AP. · WTU AP.
Severity level	6
Example	APMGR/6/APMGR_LOG_NOLICENSE: AP failed to come online in discover. Reason: No license for the common AP.
Explanation	The AP failed to come online because the number of APs allowed by the license on the AC has reached the upper limit.
Recommended action	Purchase an upgrade license for AP number extension.

APMGR_LOG_OFFLINE

Message text	AP [STRING] went offline. State changed to Idle.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_LOG_OFFLINE: AP ap1 went offline. State changed to Idle.
Explanation	The AP went offline. The state of the AP changed to Idle.
Recommended action	If the AP went offline abnormally, check the debugging information to locate the problem and resolve it.

APMGR_LOG_ONLINE

Message text	AP [STRING] came online. State changed to Run.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_LOG_ONLINE: AP ap1 came online. State changed to Run.
Explanation	The AP came online. The state of the AP changed to Run.
Recommended action	No action is required.

APMGR_LOG_ONLINE_FAILED

Message text	[STRING] ([STRING]) failed to come online in join state. Reason: [STRING] ([STRING]) was offline.
Variable fields	$1: Name of a WTU or WAP. $2: Serial ID of a WTU or WAP. $3: Name of the connected WT or SPM. $4: Serial ID of the connected WT or SPM.
Severity level	6
Example	· APMGR/6/APMGR_AP_ONLINE_FAILED: WTU (219801A0WA916BQ12535) failed to come online in join state. Reason: WT (219801A11UC173000153) was offline. · APMGR/6/APMGR_AP_ONLINE_FAILED: WAP (219801A0VW916AG00254) failed to come online in join state. Reason: SPM (219801A13DB05B0004350) was offline.
Explanation	· The WTU cannot come online because its connected WT is offline. · The WAP cannot come online because its connected SPM is offline.
Recommended action	Make the WT or SPM come online.

APMGR_REACH_MAX_APNUMBER

Message text	An AP failed to come online: Maximum number of APs already reached.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_REACH_MAX_APNEMBER: An AP failed to come online: Maximum number of APs already reached.
Explanation	An AP failed to come online because the number of APs on the AC already reached the upper limit.
Recommended action	No action is required.

APMGR_ERROR

Message text	Failed to install WLAN feature package. Reason: Insufficient hardware resources.
Variable fields	N/A
Severity level	6
Example	APMGR/6/ERROR: Failed to install WLAN feature package. Reason: Insufficient hardware resources.
Explanation	The system failed to install the WLAN feature package because of insufficient hardware resources.
Recommended action	To resolve the problem: 1. Uninstall the WLAN feature package. 2. Locate the reason that causes hardware resource exhaustion and remove the issue. 3. Reinstall the WLAN feature package. 4. If the problem persists, contact H3C Support.

CWC_AP_DOWN

Message text	CAPWAP tunnel to AC [STRING] went down. Reason: [STRING].
Variable fields	$1: AC IP address. $2: Reason: · Added AP IP address. · Deleted AP IP address. · AP interface used for CAPWAP tunnel went down. · AP config changed. · AP was reset. · Number of echo retransmission attempts exceeded the limit. · No license for the AP. · Full retransmission queue. · Data channel timer expired. · Backup AC IP address changed. · Backup tunnel changed to master tunnel. · Failed to change backup tunnel to master tunnel. · Backup method changed. · N/A.
Severity level	6
Example	CWC/6/CWC_AP_DOWN: CAPWAP tunnel to AC 192.168.10.1 went down. Reason: AP was reset.
Explanation	The CAPWAP tunnel between the AP and the AC was terminated for a specific reason.
Recommended action	Examine the network connection between the AP and the AC.

CWC_AP_UP

Message text	[STRING] CAPWAP tunnel to AC [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_AP_UP: Master CAPWAP tunnel to AC 192.168.10.1 went up.
Explanation	The AP was connected to the AC successfully and entered Run state.
Recommended action	No action is required.

CWC_AP_REBOOT

Message text	AP in state [STRING] is rebooting. Reason: [STRING]
Variable fields	$1: AP state. $2: Reason: · Image was downloaded successfully. · Reset by admin. · Reset by CloudTunnel, · Reset on cloud, · The radio status was incorrect, · WT was offline, · Stayed in idle state for a long time.
Severity level	6
Example	CWC/6/CWC_AP_REBOOT: AP in State Run is rebooting. Reason: Reset by admin.
Explanation	The AP rebooted for a specific reason.
Recommended action	No action is required.

CWC_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel to AC [STRING] completed.
Variable fields	$1: Image file name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel to AC 192.168.10.1 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_FAILED

Message text	Failed to download image file [STRING1] for [STRING2] [STRING3].
Variable fields	$1: Image file name. $2: AP or local AC. $3: Name of the AP or local AC.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300.ipe for AP ap1.
Explanation	The AP or the local AC failed to download the image file from the AC.
Recommended action	No action is required.

CWC_IMG_DOWNLOAD_START

Message text	Started to download the system software image file [STRING] through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: Image file name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_IMG_DOWNLOAD_START: Started to download the system software image file 5800.ipe through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP started to download the image file from the AC.
Recommended action	Make sure the AP is correctly connected to the AC.

CWC_IMG_NO_ENOUGH_SPACE

Message text	Insufficient flash memory space for downloading system software image file [STRING].
Variable fields	$1: Image file name.
Severity level	6
Example	CWC/6/CWC_IMG_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading system software image file 5800.ipe.
Explanation	The AP failed to download the image file from the AC because of insufficient flash memory.
Recommended action	Delete files not in use from the AP.

CWC_LOCALAC_DOWN

Message text	CAPWAP tunnel to Central AC [STRING] went down. Reason: [STRING].
Variable fields	$1: IP address of the central AC. $2: Reason: · Added local AC IP address. · Deleted local AC IP address. · Local AC interface used for CAPWAP tunnel went down. · Local AC config changed. · Local AC was reset by admin. · N/A
Severity level	4
Example	CWC/4/CWC_LOCALAC_DOWN: CAPWAP tunnel to Central AC 2.2.2.1 went down. Reason: Local AC config changed.
Explanation	The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.
Recommended action	To resolve the problem: 1. Examine the network connection between the central AC and the local AC. 2. Verify that the central AC is correctly configured. 3. Verify that the local AC is correctly configured. 4. If the problem persists, contact H3C Support.

CWC_LOCALAC_UP

Message text	CAPWAP tunnel to Central AC [STRING] went up.
Variable fields	$1: IP address of the central AC.
Severity level	6
Example	CWC/6/CWC_LOCALAC_UP: CAPWAP tunnel to Central AC 2.2.2.1 went up.
Explanation	The central AC has established a CAPWAP tunnel with the local AC.
Recommended action	No action is required.

CWC_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: File name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

CWC_RUN_DOWNLOAD_START

Message text	Started to download the file [STRING] through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: File name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_RUN_DOWNLOAD_START: Started to download the file ac.cfg through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP started to download the file from the AC.
Recommended action	Make sure the AP is correctly connected to the AC.

CWC_RUN_NO_ENOUGH_SPACE

Message text	Insufficient flash memory space for downloading file [STRING].
Variable fields	$1: File name.
Severity level	6
Example	CWC/6/CWC_RUN_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading file ac.cfg.
Explanation	The AP failed to download the file from the AC because of insufficient flash memory.
Recommended action	Delete files not in use from the AP.

CWS_AP_DOWN

Message text	CAPWAP tunnel to AP [STRING] went down. Reason: [STRING].
Variable fields	$1: AP name. $2: Reason: · Neighbor dead timer expired. · AP was reset by admin. · AP was reset by CloudTunnel. · AP was reset on cloud. · WT was offline. · AP was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Backup AP upgrade failed. · AC is inactive. · Tunnel switched. · N/A.
Severity level	6
Example	CWS/6/CWS_AP_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset by admin.
Explanation	The AP went offline for a specific reason.
Recommended action	To resolve the problem: 1. Examine the network connection between the AP and the AC. 2. Verify that the AP is correctly configured. 3. Verify that the AC is correctly configured. 4. If the problem persists, contact H3C Support.

CWS_AP_UP

Message text	[STRING] CAPWAP tunnel to AP [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AP name or serial ID.
Severity level	6
Example	CWS/6/CWS_AP_UP: Backup CAPWAP tunnel to AP ap1 went up.
Explanation	The AP came online and entered Run state.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed.
Variable fields	$1: Image file name. $2: AP name.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_FAILED

Message text	Failed to download image file [STRING] for the AP. AC memory is not enough.
Variable fields	$1: Name of an image file.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300anchor.ipe for the AP. AC memory is not enough.
Explanation	The AP failed to download an image file from the AC because of insufficient AC memory.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_START

Message text	AP [STRING] started to download the system software image file [STRING].
Variable fields	$1: AP name. $2: Image file name.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe.
Explanation	The AP started to download the image file from the AC.
Recommended action	No action is required.

CWS_IMG_OPENFILE_FAILED

Message text	Failed to open the image file [STRING].
Variable fields	$1: Path of the image file to be downloaded to the AP.
Severity level	3
Example	CWS/3/CWS_IMG_OPENFILE_FAILED: Failed to open the image file slot1#cfa0:/wa5600.ipe.
Explanation	The AP failed to open the image file downloaded from the AC.
Recommended action	No action is required.

CWS_LOCALAC_DOWN

Message text	CAPWAP tunnel to local AC [STRING] went down. Reason: [STRING].
Variable fields	$1: IP address of the local AC. $2: Reason: · Neighbor dead timer expired. · Local AC was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · N/A
Severity level	4
Example	CWS/4/CWS_LOCALAC_DOWN: CAPWAP tunnel to local AC 1.1.1.1 went down. Reason: Local AC was deleted.
Explanation	The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.
Recommended action	To resolve the problem: 1. Examine the network connection between the central AC and the local AC. 2. Verify that the central AC is correctly configured. 3. Verify that the local AC is correctly configured. 4. If the problem persists, contact H3C Support.

CWS_LOCALAC_UP

Message text	CAPWAP tunnel to local AC [STRING] went up.
Variable fields	$1: IP address of the local AC.
Severity level	6
Example	CWS/6/CWS_LOCALAC_UP: CAPWAP tunnel to local AC 1.1.1.1 went up.
Explanation	The central AC has established a CAPWAP tunnel with the local AC.
Recommended action	No action is required.

CWS_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING].
Variable fields	$1: File name. $2: AP name.
Severity level	6
Example	CWS/6/CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

CWS_RUN_DOWNLOAD_START

Message text	AP [STRING] started to download the file [STRING].
Variable fields	$1: AP name. $2: File name.
Severity level	6
Example	CWS/6/CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg.
Explanation	The AP started to download the file from the AC.
Recommended action	No action is required.

RADIO

Message text	APMGR/6/RADIO: Current channel usage [UINT32] of radio [CHAR] on AP [STRING] exceeded the threshold.
Variable fields	$1: Current channel usage. $2: Radio ID. $3: AP name.
Severity level	6
Example	APMGR/6/RADIO: Current channel usage 63% of radio 2 on AP ap1 exceeded the threshold.
Explanation	The current channel usage on a radio has exceeded the channel usage threshold.
Recommended action	Execute the channel command to switch the working channel to a channel with low usage.

Application account extraction messages

This section contains application account extraction messages.

USER-NETLOG

Message text	Protocol(1001)= [STRING];SrcIPAddr(1003)= [IPADDR];SrcPort(1004)= [UINT16];DstIPAddr(1007)= [IPADDR];DstPort(1008)= [UINT16]; User(1098)=%s; Application(1002)= [STRING]; Account(1101)= [STRING].
Variable fields	$1: Protocol address. $2: Source IP address. $3: Source port number. $4: Destination IP address. $5: Destination port number. $6: Username. $7: Application name. $8: User account.
Severity level	6
Example	UDPI/6/USER-NETLOG:-Chassis=1-Slot=5.1;Protocol(1001)=UDP;SrcIPAddr(1003)=22.1.1.2;SrcPort(1004)=0;DstIPAddr(1007)=21.1.1.2;DstPort(1008)=65297;User(1098)=22.1.1.2; Application(1002)=ZhenAiWang; Account(1101)=72753475.
Explanation	This message is generated when a packet matches application account characteristics.
Recommended action	None

APR messages

This section contains APR messages.

NBAR_WARNING

Message text	Updated the APR signature library successfully.
Variable fields	N/A
Severity level	4
Example	NBAR/4/NBAR_WARNING: -Context=1; Updated the APR signature library successfully.
Explanation	The APR signature library was updated successfully. The device outputs this log message for one of the following conditions: · The triggered update operation succeeds. · The local update operation succeeds.
Recommended action	No action is required.

NBAR_WARNING

Message text	Rolled back the APR signature library successfully.
Variable fields	N/A
Severity level	4
Example	NBAR/4/NBAR_WARNING: -Context=1; Rolled back the APR signature library successfully.
Explanation	The APR signature library was rolled back successfully to the last version or the factory version.
Recommended action	No action is required.

NBAR_WARNING

Message text	Failed to update the APR signature library because no valid license was found for the NBAR feature.
Variable fields	N/A
Severity level	4
Example	NBAR/4/NBAR_WARNING: -Context=1; Failed to update the APR signature library because no valid license was found for the NBAR feature.
Explanation	The APR signature library update failed because no valid license was found for updating the APR signature library. The device outputs this log message for one of the following conditions: · Failed to perform a triggered update operation. · Failed to perform a local update operation through the Web interface.
Recommended action	No action is required.

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text	No ARP reply from IP [STRING] was received on interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.
Explanation	The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message. This message indicates the risk of attacks.
Recommended action	1. Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first. 2. If the ARP entries are correct and the attack continues, contact H3C Support.

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text	Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.
Variable fields	$1: Interface name. $2: IP address.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.
Explanation	The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP. This message indicates the risk of attacks.
Recommended action	No action is required. The device discards the ARP reply automatically.

ARP_BINDRULETOHW_FAILED

Message text	Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].
Variable fields	$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address.
Severity level	5
Example	ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface Ethernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.
Explanation	The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations: · The resources are not sufficient for the operation. · The memory is not sufficient for the operation. · A hardware error occurs.
Recommended action	To resolve the problem: 1. Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient. ¡ If yes, proceed to step 2. ¡ If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2. 2. Execute the display memory command to check if the memory for the operation is sufficient. ¡ If yes, proceed to step 3. ¡ If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3. 3. Delete the configuration and perform the operation again.

ARP_DYNAMIC

Message text	The maximum number of dynamic ARP entries for the device reached.
Variable fields	N/A
Severity level	6
Example	The maximum number of dynamic ARP entries for the device reached.
Explanation	This message is displayed when the maximum number of dynamic ARP entries on the device is reached.
Recommended action	No action is required.

ARP_DYNAMIC_IF

Message text	The maximum number of dynamic ARP entries for interface [STRING] reached.
Variable fields	$1: Interface name.
Severity level	6
Example	The maximum number of dynamic ARP entries for interface GigabitEthernet3/0/1 reached.
Explanation	This message is displayed when maximum number of dynamic ARP entries on an interface is reached.
Recommended action	No action is required.

ARP_DYNAMIC_SLOT

Message text	The maximum number of dynamic ARP entries for [STRING] reached.
Variable fields	$1: Slot number (in standalone mode) or chassis number and slot number (in IRF mode).
Severity level	6
Example	The maximum number of dynamic ARP entries for slot 2 reached. The maximum number of dynamic ARP entries for chassis 1 slot 2 reached.
Explanation	This message is displayed when the maximum number of dynamic ARP entries on a slot is reached.
Recommended action	No action is required.

ARP_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: Interface name.
Severity level	4
Example	ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.
Explanation	The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.
Recommended action	Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

ARP_RATE_EXCEEDED

Message text	The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.
Variable fields	$1: ARP packet rate. $2: ARP limit rate. $3: Interface name. $4: Interval time.
Severity level	4
Example	ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.
Explanation	An interface received ARP messages at a higher rate than the rate limit.
Recommended action	Verify that the hosts at the sender IP addresses are legitimate.

ARP_SENDER_IP_INVALID

Message text	Sender IP [STRING] was not on the same network as the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.
Explanation	The sender IP of a received ARP message was not on the same network as the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_SENDER_MAC_INVALID

Message text	Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].
Variable fields	$1: MAC address. $2: MAC address. $3: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.
Explanation	An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.
Recommended action	Verify that the host at the sender MAC address is legitimate.

ARP_SRC_MAC_FOUND_ATTACK

Message text	An attack from MAC [STRING] was detected on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.
Explanation	The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold. This message indicates the risk of attacks.
Recommended action	Verify that the host at the source MAC address is legitimate.

ARP_TARGET_IP_INVALID

Message text	Target IP [STRING] was not the IP of the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1.
Explanation	The target IP address of a received ARP message was not the IP address of the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

DUPIFIP

Message text	Duplicate address [STRING] on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC Address.
Severity level	6
Example	ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface Ethernet1/1/1, sourced from 0015-E944-A947.
Explanation	ARP detected a duplicate address. The sender IP in the received ARP packet was being used by the receiving interface.
Recommended action	Modify the IP address configuration.

DUPIP

Message text	IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].
Variable fields	$1: IP address. $2: MAC Address.
Severity level	6
Example	ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.
Explanation	The sender IP address of the received ARP packet conflicted with the global or imported IP address.
Recommended action	Modify the IP address configuration.

DUPVRRPIP

Message text	IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC address.
Severity level	6
Example	ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface Ethernet1/1/1, sourced from 0015-E944-A947.
Explanation	The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.
Recommended action	Modify the IP address configuration.

ASPF messages

This section contains ASPF messages.

ASPF_IPV4_DNS

Message text	SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];DomainName(1099)=[STRING];Action(1053)=[STRING];Reason(1056)=[STRING].
Variable fields	$1: Source IPv4 address. $2: Destination IPv4 address. $3: VPN instance name. $4: Local address of a DS-Lite tunnel. $5: Domain name. $6: Action on the detected illegal packets: · drop—Drops illegal packets. · logging—Generates log messages. · none—Does not process the packets and allows illegal packets to pass. $7: Reason why the message was generated: · Invalid DNS RR. · Failed to check DNS header flag. · Failed to check DNS header ID.
Severity level	6
Example	ASPF/6/ASPF_IPV4_DNS:SrcIPAddr(1003)=1.1.1.3;DstIPAddr(1007)=2.1.1.2;RcvVPNInstance(1042)=vpn;RcvDSLiteTunnelPeer(1040)=dstunnel1;DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;Reason(1056)=Check DNS RR invalid.
Explanation	ASPF inspection for DNS is configured. The device takes a specific action on IPv4 packets that are determined to be illegal for a reason.
Recommended action	No action is required.

ASPF_IPV6_DNS

Message text	SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];DomainName(1099)=[STRING];Action(1053)=[STRING];Reason(1056)=[STRING].
Variable fields	$1: Source IPv6 address. $2: Destination IPv6 address. $3: VPN instance name. $4: Domain name. $5: Action on the detected illegal packets: · drop—Drops illegal packets. · logging—Generates log messages. · none—Does not process the packet and allows illegal packets to pass. $6: Reason why the message was generated: · Invalid DNS RR. · Failed to check DNS header flag. · Failed to check DNS header ID.
Severity level	6
Example	ASPF/6/ASPF_IPV6_DNS:SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;RcvVPNInstance(1042)=vpn;DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;Reason(1056)=Check DNS RR invalid.
Explanation	ASPF inspection for DNS is configured. The device takes a specific action on IPv6 packets that are determined to be illegal for a reason.
Recommended action	No action is required.

ATK messages

This section contains attack detection and prevention messages.

ATK_ICMP_ADDRMASK_REQ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ:SubModule(1127)=SINGLE;IcmpType(1062)=17;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=17;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=17;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=17;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL:SubModule(1127)=SINGLE;IcmpType(1062)=18;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=18;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=18;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=18;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ:SubModule(1127)=SINGLE;IcmpType(1062)=8;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=8;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=8;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;DstPort(1004)=22;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=8;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL:SubModule(1127)=SINGLE;IcmpType(1062)=0;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=0;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=0;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=0;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ:SubModule(1127)=SINGLE;IcmpType(1062)=15;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=15;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=15;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=15;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL:SubModule(1127)=SINGLE;IcmpType(1062)=16;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=16;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=16;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=16;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_LARGE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/3/ATK_ICMP_LARGE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMP packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_LARGE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/3/ATK_ICMP_LARGE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_LARGE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_LARGE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_LARGE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/3/ATK_ICMP_LARGE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMP packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM:SubModule(1127)=SINGLE;IcmpType(1062)=12;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=12;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=12;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=12;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.
Recommended action	No action is required.

ATK_ICMP_REDIRECT

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT:SubModule(1127)=SINGLE;IcmpType(1062)=5;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP redirect logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=5;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=5;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=5;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP redirect logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_SMURF

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides.
Recommended action	No action is required.

ATK_ICMP_SMURF_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received.
Recommended action	No action is required.

ATK_ICMP_SMURF_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received.
Recommended action	No action is required.

ATK_ICMP_SMURF_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH:SubModule(1127)=SINGLE;IcmpType(1062)=4;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP source quench logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=4;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=4;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=4;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP source quench logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED:SubModule(1127)=SINGLE;IcmpType(1062)=11;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=11;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=11;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=11;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	4
Example	ATK/3/ATK_ICMP_TRACEROUTE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_ICMP_TRACEROUTE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_ICMP_TRACEROUTE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	4
Example	ATK/3/ATK_ICMP_TRACEROUTE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ:SubModule(1127)=SINGLE;IcmpType(1062)=13;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=13;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=13;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=13;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL:SubModule(1127)=SINGLE;IcmpType(1062)=14;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=14;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=14;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=14;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TYPE

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE:SubModule(1127)=SINGLE;IcmpType(1062)=38;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMP packets.
Recommended action	No action is required.

ATK_ICMP_TYPE_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=38;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_TYPE_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_TYPE_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMP packets.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE:SubModule(1127)=SINGLE;IcmpType(1062)=3;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_RAW

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_RAW:SubModule(1127)=SINGLE;IcmpType(1062)=3;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_RAW_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_RAW_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=3;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_SZ

Message text	SubModule(1127)=SINGLE;IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMP message type. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_SZ:SubModule(1127)=SINGLE;IcmpType(1062)=3;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH:SubModule(1127)=SINGLE;Icmpv6Type(1064)=133;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=133;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=133;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=133;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=128;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=128;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=128;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=128;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL:SubModule(1127)=SINGLE;Icmpv6Type(1064)=129;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=129;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=129;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=129;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1007)=2002::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMPV6_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Ex ample	ATK/3/ATK_ICMPV6_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1007)=2002::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY:SubModule(1127)=SINGLE;Icmpv6Type(1064)=130;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener query logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=130;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=130;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=130;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener query logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION:SubModule(1127)=SINGLE;Icmpv6Type(1064)=132;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener done logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=132;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=132;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=132;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener done logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT:SubModule(1127)=SINGLE;Icmpv6Type(1064)=131;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener report logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=131;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=131;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=131;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener report logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_LARGE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/3/ATK_ICMPV6_LARGE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMPv6 packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/3/ATK_ICMPV6_LARGE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/3/ATK_ICMPV6_LARGE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/3/ATK_ICMPV6_LARGE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMPv6 packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG:SubModule(1127)=SINGLE;Icmpv6Type(1064)=136;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 packet too big logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=136;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=136;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=136;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 packet too big logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM:SubModule(1127)=SINGLE;Icmpv6Type(1064)=135;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=135;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=135;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=135;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED:SubModule(1127)=SINGLE;Icmpv6Type(1064)=134;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=134;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=134;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=134;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	4
Example	ATK/3/ATK_ICMPV6_TRACEROUTE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	4
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	4
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	4
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMPV6_TYPE

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE:SubModule(1127)=SINGLE;Icmpv6Type(1064)=38;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMPv6 packets.
Recommended action	No action is required.

ATK_ICMPV6_TYPE _RAW_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_RAW_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=38;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TYPE_RAW

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_RAW:SubModule(1127)=SINGLE;Icmpv6Type(1064)=38;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TYPE_SZ

Message text	SubModule(1127)=SINGLE;Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: ICMPv6 message type. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_SZ:SubModule(1127)=SINGLE;Icmpv6Type(1064)=38;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMPv6 packets.
Recommended action	No action is required.

ATK_IP_OPTION

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IP_OPTION:SubModule(1127)=SINGLE;IPOptValue(1061)=38;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with a user-defined IP option.
Recommended action	No action is required.

ATK_IP_OPTION_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=38;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.
Recommended action	No action is required.

ATK_IP_OPTION_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.
Recommended action	No action is required.

ATK_IP_OPTION_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with a user-defined IP option.
Recommended action	No action is required.

ATK_IP4_ACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_ACK_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_ACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_ACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_DIS_PORTSCAN

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Protocol name. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DIS_PORTSCAN:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;Protocol(1001)=UDP;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_DIS_PORTSCAN_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Protocol name. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DIS_PORTSCAN_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;Protocol(1001)=TCP;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_DNS_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DNS_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_DNS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DNS_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FIN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FIN_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FIN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FIN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FRAGMENT

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	4
Example	ATK/3/ATK_IP4_FRAGMENT:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_IP4_FRAGMENT_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_IP4_FRAGMENT_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	4
Example	ATK/3/ATK_IP4_FRAGMENT_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP4_HTTP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTP_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_HTTP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_HTTPS_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Name of the receiving interface. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTPS_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20201009093351.
Explanation	This message is sent when the number of HTTPS packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_HTTPS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTPS_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20201009093351.
Explanation	This message is sent when the number of IPv4 HTTPS packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.
Recommended action	No action is required.

ATK_IP4_IPSWEEP

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Protocol name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IPSWEEP:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;Protocol(1001)=TCP;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009060657.
Explanation	This message is sent when an IPv4 sweep attack is detected.
Recommended action	No action is required.

ATK_IP4_IPSWEEP_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Protocol name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IPSWEEP_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009060657.
Explanation	This message is sent when an IPv4 sweep attack is detected.
Recommended action	No action is required.

ATK_IP4_PORTSCAN

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];DstIPAddr(1007)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Protocol name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Name of the receiving VPN instance. $7: Destination IP address. $8: Actions against the attack. $9: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_PORTSCAN:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;Protocol(1001)=TCP;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;DstIPAddr(1007)=6.1.1.5;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_PORTSCAN_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];DstIPAddr(1007)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Protocol name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Name of the receiving VPN instance. $7: Destination IP address. $8: Actions against the attack. $9: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_PORTSCAN_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;DstIPAddr(1007)=6.1.1.5;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_RST_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_RST_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_RST_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_RST_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SLOW_ATTACK

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SLOW_ATTACK:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP slow attack packets sent to a destination within the detection period exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SLOW_ATTACK_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SLOW_ATTACK_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP slow attack packets sent to a destination within the detection period exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYN_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: Destination IP address. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYN_FLOOD_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=2.3.3.1;DstIPAddr(1007)=6.1.1.5;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYNACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYNACK_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYNACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYNACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP4_TCP_LAND

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=4.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=4.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=5.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=5.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP4_TEARDROP

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 overlapping fragments.
Recommended action	No action is required.

ATK_IP4_TEARDROP_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.
Recommended action	No action is required.

ATK_IP4_TEARDROP_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.
Recommended action	No action is required.

ATK_IP4_TEARDROP_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 overlapping fragments.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	4
Example	ATK/3/ATK_IP4_TINY_FRAGMENT:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=6.
Explanation	This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	4
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=6.
Explanation	This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.
Recommended action	No action is required.

ATK_IP4_UDP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_UDP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: Destination IP address. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FLOOD_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=2.3.3.1;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=11.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=11.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP6_ACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_ACK_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_ACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_ACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_DIS_PORTSCAN

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Protocol name. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DIS_PORTSCAN:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;Protocol(1001)=UDP;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009100928.
Explanation	This message is sent when an IPv6 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_DIS_PORTSCAN_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Protocol name. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DIS_PORTSCAN_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;Protocol(1001)=TCP;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009100928.
Explanation	This message is sent when an IPv6 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_DNS_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DNS_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_DNS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DNS_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_EXHEADER_ABNORMAL

Message text	SubModule(1127)=[STRING];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_ABNORMAL:SubModule(1127)=SINGLE;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for abnormal IPv6 extension header attack packets.
Recommended action	No action is required.

ATK_IP6_EXHEADER_ABNORMAL_RAW

Message text	SubModule(1127)=[STRING];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: VPN instance name $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_ABNORMAL_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging.
Explanation	This message is for the abnormal IPv6 extension header attack. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_EXHEADER_ABNORMAL_RAW_SZ

Message text	SubModule(1127)=[STRING];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: VPN instance name. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_ABNORMAL_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging.
Explanation	This message is for the abnormal IPv6 extension header attack. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_EXHEADER_ABNORMAL_SZ

Message text	SubModule(1127)=[STRING];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_ABNORMAL_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for abnormal IPv6 extension header attack packets.
Recommended action	No action is required.

ATK_IP6_EXHEADER_EXCEED

Message text	SubModule(1127)=[STRING];IPv6ExtHdrLimitValue(1142)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Upper limit of IPv6 extension headers. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_EXCEED:SubModule(1127)=SINGLE;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 extension header exceeded attack packets.
Recommended action	No action is required.

ATK_IP6_EXHEADER_EXCEED_RAW

Message text	SubModule(1127)=[STRING];IPv6ExtHdrLimitValue(1142)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Upper limit of IPv6 extension headers. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: VPN instance name. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_EXCEED_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging.
Explanation	This message is for the IPv6 extension header exceeded attack. This attack uses packets in which the number of extension headers exceeds the upper limit. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_EXHEADER_EXCEED_RAW_SZ

Message text	SubModule(1127)=[STRING];IPv6ExtHdrLimitValue(1142)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Upper limit of IPv6 extension headers. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: VPN instance name $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_EXCEED_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging.
Explanation	This message is for the IPv6 extension header exceeded attack. This attack uses packets in which the number of extension headers exceeds the upper limit. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_EXHEADER_EXCEED_SZ

Message text	SubModule(1127)=[STRING];IPv6ExtHdrLimitValue(1142)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Upper limit of IPv6 extension headers. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_IP6_EXHEADER_EXCEED_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=--;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 extension header exceeded attack packets.
Recommended action	No action is required.

ATK_IP6_FIN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FIN_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FIN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FIN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FRAGMENT

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	4
Example	ATK/3/ATK_IP6_FRAGMENT:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_IP6_FRAGMENT_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	4
Example	ATK/3/ATK_IP6_FRAGMENT_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	4
Example	ATK/3/ATK_IP6_FRAGMENT_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP6_HTTP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTP_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_HTTP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_HTTPS_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Name of the receiving interface. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTPS_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20201009100434.
Explanation	This message is sent when the number of HTTPS packets sent to a destination IPv6 address per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_HTTPS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTPS_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20201009100434.
Explanation	This message is sent when the number of HTTPS packets sent to a destination IPv6 address per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_IPSWEEP

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Protocol name. $4: Source IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IPSWEEP:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100639.
Explanation	This message is sent when an IPv6 sweep attack is detected.
Recommended action	No action is required.

ATK_IP6_IPSWEEP_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING]
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Protocol name. $4: Source IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IPSWEEP_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100639.
Explanation	This message is sent when an IPv6 sweep attack is detected.
Recommended action	No action is required.

ATK_IP6_PORTSCAN

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];DstIPv6Addr(1037)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Protocol name. $4: Source IPv6 address. $5: Name of the receiving VPN instance. $6: Destination IPv6 address. $7: Actions against the attack. $8: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_PORTSCAN:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;Protocol(1001)=UDP;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;DstIPv6Addr(1037)=2::2;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100455.
Explanation	This message is sent when an IPv6 port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_PORTSCAN_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];DstIPv6Addr(1037)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Protocol name. $4: Source IPv6 address. $5: Name of the receiving VPN instance. $6: Destination IPv6 address. $7: Actions against the attack. $8: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_PORTSCAN_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;DstIPv6Addr(1037)=2::2;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100455.
Explanation	This message is sent when an IPv6 port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_RST_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_RST_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_RST_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_RST_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYN_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SLOW_ATTACK

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SLOW_ATTACK:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv6 HTTP slow attack packets sent to a destination within the detection period exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SLOW_ATTACK_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SLOW_ATTACK_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv6 HTTP slow attack packets sent to a destination within the detection period exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYNACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYNACK_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYNACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYNACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP6_TCP_LAND

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $4: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $5: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP6_UDP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FLOOD:RcvIfName(1023)=GigabitEthernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_UDP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011072002;EndTime_c(1012)=20131011072502;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with more than two IP options.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_RAW

Message text	SubModule(1127)=SINGLE;RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_RAW:SubModule(1127)=SINGLE;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_RAW_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_RAW_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_SZ

Message text	SubModule(1127)=SINGLE;SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_SZ:SubModule(1127)=SINGLE;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011072002;EndTime_c(1012)=20131011072502;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with more than two IP options.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)= [UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE:SubModule(1127)=SINGLE;IPOptValue(1061)=131;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 131.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=131;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=131;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)= [UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=131;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 131.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE:SubModule(1127)=SINGLE;IPOptValue(1061)=7;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 7.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=7;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=7;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=7;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 7.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT:SubModule(1127)=SINGLE;IPOptValue(1061)=148;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 148.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=148;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=148;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=148;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 148.
Recommended action	No action is required.

ATK_IPOPT_SECURITY

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY:SubModule(1127)=SINGLE;IPOptValue(1061)=130;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131009091022;EndTime_c(1012)=20131009091522;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for packets with IP option 130.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=130;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=130;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=130;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131009091022;EndTime_c(1012)=20131009091522;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for packets with IP option 130.
Recommended action	No action is required.

ATK_IPOPT_STREAMID

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID:SubModule(1127)=SINGLE;IPOptValue(1061)=136;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 136.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=136;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=136;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=136;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 136.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE:SubModule(1127)=SINGLE;IPOptValue(1061)=137;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 137.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=137;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=137;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=137;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 137.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP:SubModule(1127)=SINGLE;IPOptValue(1061)=68;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 68.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_RAW

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Receiving interface name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_RAW:SubModule(1127)=SINGLE;IPOptValue(1061)=68;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_RAW_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=68;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_SZ

Message text	SubModule(1127)=SINGLE;IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IP option value. $3: Source security zone name. $4: Source IP address. $5: IP address of the peer DS-Lite tunnel interface. $6: Destination IP address. $7: Name of the receiving VPN instance. $8: Protocol type. $9: Actions against the attack. $10: Start time of the attack. $11: End time of the attack. $12: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_SZ:SubModule(1127)=SINGLE;IPOptValue(1061)=68;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 68.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER

Message text	SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IPv6 extension header value. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER:SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=43;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER _RAW

Message text	SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IPv6 extension header value. $3: Receiving interface name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_RAW:SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=43;RcvIfName(1023)=GigabitEthernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_RAW_SZ

Message text	SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Sub module name. $2: IPv6 extension header value. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_RAW_SZ:SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=43;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_SZ

Message text	SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Sub module name. $2: IPv6 extension header value. $3: Source security zone name. $4: Source IPv6 address. $5: Destination IPv6 address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_SZ:SubModule(1127)=SINGLE;IPv6ExtHeader(1066)=43;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.
Recommended action	No action is required.

ATM

This section contains ATM messages.

ATM_PVCDOWN

Message text	Interface [STRING] PVC [UINT16]/[UINT16] status is down.
Variable fields	$1: Name of the interface to which the PVC belongs. $2: VPI value of the PVC. $3: VCI value of the PVC.
Severity level	5
Example	ATM/5/ATM_PVCDOWN: Interface ATM2/0/2 PVC 0/100 status is down.
Explanation	The PVC state became down. Possible reasons include the following: · The ATM interface to which the PVC belongs went down. · The OAM state of the PVC became down. · The PVC had been manually shut down.
Recommended action	Use the display atm pvc-info command to display detailed information about the PVC and take relevant actions: · If the interface state is down, take the following actions: ¡ Make sure both the local and remote ATM interfaces are up by using the display interface atm command. If the interfaces have been manually shut down, execute the undo shutdown command in interface view to bring them up. ¡ Make sure the two interfaces are correctly connected. · If the OAM state is down, take the following actions: ¡ Make sure the VPI/VCI value of the remote PVC is the same as the VPI/VCI value of the local PVC. ¡ Make sure the OAM configuration of the remote PVC is consistent with the OAM configuration of the local PVC. For example, if one end is configured as the OAM CC cell sink, the other end must be configured as the OAM CC cell source. ¡ Make sure the remote PVC is up. If the remote PVC has been manually shut down, execute the undo shutdown command in PVC view to bring it up. ¡ Make sure the two ends are correctly connected. ¡ If the two routers are connected through an ATM network, in addition to the previous check items, you must check the forwarding rule of the ATM network. If the ATM network cannot reach the PVC, the PVC cannot come up. · If the PVC state is down, check if the local PVC has been manually shut down. To bring up the PVC, execute the undo shutdown command in PVC view.

ATM_PVCUP

Message text	Interface [STRING] PVC [UINT16]/[UINT16] status is up.
Variable fields	$1: Name of the interface to which the PVC belongs. $2: VPI value of the PVC. $3: VCI value of the PVC.
Severity level	5
Example	ATM/5/ATM_PVCUP: Interface ATM2/0/2 PVC 0/100 status is up.
Explanation	The PVC state became up.
Recommended action	No action is required.

AUDIT messages

This section contains application audit and management messages.

AUDIT_RULE_MATCH_IM_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<wb@ubuntu.wb>,Receiver_addr(1107)=<wb@ubuntu.wb>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_AS_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_IM_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)= [STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<wb@ubuntu.wb>,Receiver_addr(1107)=<wb@ubuntu.wb>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_AS_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

AUTOCFG messages

This section contains automatic configuration messages.

AUTOCFG_URL_EXECUTE_FAILURE

Message text	URL-based automatic configuration failed at command line [STRING] and stopped.
Variable fields	$1: Command line that failed to be executed.
Severity level	4
Example	AUTOCFG/4/AUTOCFG_URL_EXECUTE_FAILURE: URL-based automatic configuration failed at command line "system-view" and stopped.
Explanation	The automatic configuration process stopped at a command line that failed to be executed. The following command lines were not executed.
Recommended action	Record the log message and contact the technical support.

AUTOCFG_URL_EXECUTE_SUCCESS

Message text	URL-based automatic configuration finished successfully.
Variable fields	None
Severity level	6
Example	AUTOCFG/6/AUTOCFG_URL_EXECUTE_SUCCESS: URL-based automatic configuration finished successfully.
Explanation	A URL-based automatic configuration process finished successfully.
Recommended action	No action is required.

AUTOCFG_URL_START_FAILED

Message text	URL-based automatic configuration service by [STRING] from [STRING] failed.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	AUTOCFG/6/AUTOCFG_URL_START_FAILED: URL-based automatic configuration service by admin from 192.168.111.250 failed.
Explanation	A user failed to start URL-based automatic device configuration.
Recommended action	Verify that the username and password are correct.

AUTOCFG_URL_START_SUCCESS

Message text	URL-based automatic configuration started by [STRING] from [STRING].
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	AUTOCFG/6/AUTOCFG_URL_START_SUCCESS: URL-based automatic configuration started by admin from 192.168.111.250.
Explanation	A user started URL-based automatic device configuration successfully.
Recommended action	No action is required.

AVC messages

This section contains bandwidth management messages.

AVC_MATCH_IPV4_LOG

Message text	Application(1002)=[STRING];UserName(1113)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[USHORT];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[USHORT];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];HitTime(1114)=[STRING];Action(1053)= [STRING];
Variable fields	$1: Application name. $2: User name. $3: Source IPv4 address. $4: Source port number. $5: Destination IPv4 address. $6: Destination port number. $7: Source security zone. $8: Destination security zone. $9: Policy name. $10: Hit time. $11: Rule action.
Severity level	6
Example	AVC/6/AVC_MATCH_IPV4_LOG:Application(1002)=App;UserName(1113)=User1;SrcIPAddr(1003)=12.2.2.2;SrcPort(1004)=5141;DstIPAddr(1007)=13.1.1.14;DstPort(1008)=5784;SrcZoneName(1025)=whx;DstZoneName(1035)=hea;PolicyName(1079)=aaa;HitTime(1114)=Wed, 22 May 2019 16:43:47;Action(1053)=drop;
Explanation	This message is generated and sent to the log host as a fast output log when a packet matches a traffic rule.
Recommended action	None.

AVC_MATCH_IPV6_LOG

Message text	Application(1002)=[STRING];UserName(1113)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[USHORT];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[USHORT];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];HitTime(1114)=[STRING];Action(1053)= [STRING];
Variable fields	$1: Application name. $2: User name. $3: Source IPv6 address. $4: Source port number. $5: Destination IPv6 address. $6: Destination port number. $7: Source security zone. $8: Destination security zone. $9: Policy name. $10: Hit time. $11: Rule action.
Severity level	6
Example	AVC/6/AVC_MATCH_IPV6_LOG:Application(1002)=App;UserName(1113)=User1;SrcIPv6Addr(1036)=12::2;SrcPort(1004)=5141;DstIPv6Addr(1037)=13::4;DstPort(1008)=5784; SrcZoneName(1025)=whx;DstZoneName(1035)=hea;PolicyName(1079)=aaa;HitTime(1114)= Wed, 22 May 2019 16:52:08; Action(1053)=drop;
Explanation	This message is generated and sent to the log host as a fast output log when a packet matches a traffic rule.
Recommended action	None.

AVC_THRESHOLDWARNING_FASTLOGGING_FMT

Message text	SrcIPAddr(1003)=[IPADDR];PolicyName(1079)=[STRING];ProfileName(1158)=[STRING];DeviceInfo(1159)=[STRING];BandwidthUpperLimit(1160)=[UINT32];BandwidthLowerLimit(1161)=[UINT32];UpperWarningValue(1162)=[UINT32];LowerWarningValue(1163)=[UINT32];CurRateValue(1164)=[UINT32];WarningTime(1165)=[STRING];WarningDuration(1166)=[UINT32];
Variable fields	$1: Source IPv4 address. $2: Traffic policy name. $3: Traffic profile name. $4: Device information. $5: Maximum bandwidth threshold in kbps. $6: Minimum bandwidth threshold in kbps. $7: Actual rate in kbps that exceeds the maximum bandwidth threshold. $8: Actual rate in kbps that falls below the minimum bandwidth threshold. $9: Current traffic rate in kbps. $10: Warning time when the device detected a threshold violation. $11: Warning duration. (length of time the threshold violation lasted).
Severity level	6
Example	AVC/6/AVC_THRESHOLDWARNING_FASTLOGGING_FMT:SrcIPAddr(1003)=192.168.1.8;PolicyName(1079)=a;ProfileName(1158)=p;DeviceInfo(1159)=YuShi;BandwidthUpperLimit(1160)=8366;BandwidthLowerLimit(1161)=2091;UpperWarningValue(1162)=6;LowerWarningValue(1163)=6;CurRateValue(1164)=6;WarningTime(1165)=Fri, 8 Oct 2019 17:38:32;WarningDuration(1166)=7;
Explanation	This message is generated and sent to the log host as a fast output log if a threshold violation occurs one minute or more after the previous threshold violation.
Recommended action	None.

AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT

Message text	SrcIPv6Addr(1036)=[IPADDR];PolicyName(1079)=[STRING];ProfileName(1158)=[STRING];DeviceInfo(1159)=[STRING];BandwidthUpperLimit(1160)=[UINT32];BandwidthLowerLimit(1161)=[UINT32];UpperWarningValue(1162)=[UINT32];LowerWarningValue(1163)=[UINT32];CurRateValue(1164)=[UINT32];WarningTime(1165)=[STRING];WarningDuration(1166)=[UINT32];
Variable fields	$1: Source IPv6 address. $2: Traffic policy name. $3: Traffic profile name. $4: Device information. $5: Maximum bandwidth threshold in kbps. $6: Minimum bandwidth threshold in kbps. $7: Actual rate in kbps that exceeds the maximum bandwidth threshold. $8: Actual rate in kbps that falls below the minimum bandwidth threshold. $9: Current traffic rate in kbps. $10: Warning time (time when the device detected a threshold violation). $11: Warning duration (length of time the threshold violation lasted).
Severity level	6
Example	AVC/6/AVC_THRESHOLDWARNING_FASTLOGGING_IPV6FMT:SrcIPv6Addr(1036)=2001::1;PolicyName(1079)=a;ProfileName(1158)=p;DeviceInfo(1159)=YuShi;BandwidthUpperLimit(1160)=8366;BandwidthLowerLimit(1161)=2091;UpperWarningValue(1162)=6;LowerWarningValue(1163)=6;CurRateValue(1164)=6;WarningTime(1165)=Fri, 8 Oct 2019 17:38:32;WarningDuration(1166)=7;
Explanation	This message is generated and sent to the log host as a fast output log if a threshold violation occurs more than one minute after the previous threshold violation occurred.
Recommended action	None.

BFD messages

This section contains BFD messages.

BFD_CHANGE_FSM

Message text	Sess[STRING], Ver, Sta: [STRING]->[STRING], Diag: [STRING]
Variable fields	$1: Source address, destination address, interface, and message type of the BFD session. $2: Name of FSM before changing. $3: Name of FSM after changing. $4: Diagnostic information: · 0 (No Diagnostic). · 1 (Control Detection Time Expired)—A control-mode BFD session goes down, because local detection times out. · 2 (Echo Function Failed)—An echo-mode BFD session goes down, because local detection times out or the source IP address of echo packets is deleted. · 3 (Neighbor Signaled Session Down)—The remote end notifies the local end of BFD session down. · 7 (Administratively Down)—The BFD session is shut down administratively on the local end.
Severity level	5
Example	BFD/5/BFD_CHANGE_FSM:Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic).
Explanation	The FSM of the BFD session has been changed. This informational message appears when a BFD session comes up or goes down. Unexpected session loss might indicate high error or packet loss rates in the network.
Recommended action	Check for incorrect BFD configuration or network congestion.

BFD_REACHED_UPPER_LIMIT

Message text	The total number of BFD sessions [ULONG] reached the upper limit. Can’t create a new session.
Variable fields	$1: Total number of BFD sessions.
Severity level	5
Example	BFD/5/BFD_REACHED_UPPER_LIMIT: The total number of BFD session 100 reached upper limit.
Explanation	The total number of BFD sessions has reached the upper limit.
Recommended action	Check the BFD session configuration.

BGP messages

This section contains BGP messages.

BGP_EXCEED_ROUTE_LIMIT

Message text	BGP.[STRING]: The number of routes from peer [STRING] ([STRING]) exceeds the limit [UINT32].
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Maximum number of routes.
Severity level	4
Example	BGP/4/BGP_EXCEED_ROUTE_LIMIT: BGP.vpn1: The number of routes from peer 1.1.1.1 (IPv4-UNC) exceeds the limit 100.
Explanation	The number of routes received from a peer exceeded the maximum number of routes that can be received from the peer.
Recommended action	Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the maximum number of routes.

BGP_REACHED_THRESHOLD

Message text	BGP.[STRING]: The proportion of prefixes received from peer [STRING] ([STRING]) to maximum allowed prefixes reached the threshold value ([UINT32]%).
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Percentage of received routes to the maximum allowed routes.
Severity level	5
Example	BGP/5/BGP_REACHED_THRESHOLD: BGP.vpn1: The proportion of prefixes received from peer 1.1.1.1 (IPv4-UNC) to maximum allowed prefixes reached the threshold value (60%).
Explanation	The percentage of received routes to the maximum allowed routes reached the threshold.
Recommended action	Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the threshold value or the maximum number of routes that can be received from the peer.

BGP_MEM_ALERT

Message text	BGP process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm, stop and start.
Severity level	5
Example	BGP/5/BGP_MEM_ALERT: BGP process received system memory alert start event.
Explanation	BGP received a memory alarm.
Recommended action	If BGP received a system memory alert start event, check the system memory and try to free some memory by adjusting modules that occupied too much memory.

BGP_PEER_LICENSE_REACHED

Message text	Number of peers in Established state reached the license limit.
Variable fields	N/A
Severity level	5
Example	BGP/5/BGP_PEER_LICENSE_REACHED: Number of peers in Established state reached the license limit.
Explanation	The number of peers in Established state reached the license limit.
Recommended action	Determine whether a new license is required.

BGP_ROUTE_LICENSE_REACHED

Message text	Number of [STRING] routes reached the license limit.
Variable fields	$1: BGP address family: · IPv4-UNC public—IPv4 unicast routes for the public network. · IPv6-UNC public—IPv6 unicast routes for the public network. · IPv4 private—IPv4 unicast routes, VPNv4 routes, and nested VPN routes for the private network. · IPv6 private—IPv6 unicast routes and VPNv6 routes for the private network.
Severity level	5
Example	BGP/5/BGP_ROUTE_LICENSE_REACHED: Number of IPv4-UNC public routes reached the license limit.
Explanation	The number of routes in the specified address family reached the license limit.
Recommended action	Determine whether a new license is required. After the number of routes in the specified family falls below the license limit or the license limit increases, you must manually restore the discarded routes.

BGP_STATE_CHANGED

Message text	· Text 1: BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING]. · Text 2: BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING] for [STRING].
Variable fields	In text 1: $1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Name of FSM before the state change. $4: Name of FSM after the state change. In text 2: $1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Name of FSM before the state change. $4: Name of FSM after the state change. $5: Reason for the state change.
Severity level	5
Example	BGP/5/BGP_STATE_CHANGED: BGP.vpn1:192.99.0.2 state has changed from OPENCONFIRM to ESTABLISHED.
Explanation	The FSM of a BGP peer has changed. This informational message appears when a BGP peer comes up or goes down.
Recommended action	If a peer goes down unexpectedly, determine whether an error or packet loss occurs.

BLS messages

This section contains blacklist messages.

BLS_DIP_BLOCK

Message text	DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING].
Variable fields	$1: Blacklisted destination IPv4 address. $2: VPN instance name. $3: Peer address of the DS-Lite tunnel.
Severity level	3
Example	BLS/3/BLS_DIP_BLOCK:DstIPAddr(1007)=1.1.1.5;RcvVPNInstance(1042)=;SndDSLiteTunnelPeer(1041)=--.
Explanation	This message is sent when an IPv4 destination blacklist entry is hit. Logs are sent every 30 seconds.
Recommended action	No action is required.

BLS_DIPV6_BLOCK

Message text	DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING].
Variable fields	$1: Blacklisted destination IPv6 address. $2: VPN instance name.
Severity level	3
Example	BLS/3/BLS_DIPV6_BLOCK: DstIPv6Addr(1037)=200::3;RcvVPNInstance(1042)=.
Explanation	This message is sent when an IPv6 destination blacklist entry is hit. Logs are sent every 30 seconds.
Recommended action	No action is required.

BLS_ENTRY_ADD

Message text	SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING]; TTL(1055)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: TTL of a blacklist entry. $5: Reason why the blacklist entry was added.
Severity level	5
Example	BLS/5/BLS_ENTRY_ADD: -Context=1; SrcIPAddr(1003)=1.1.1.6; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=; TTL(1055)=; Reason(1056)=Configuration. BLS/5/BLS_ENTRY_ADD: -Context=1; SrcIPAddr(1003)=9.1.1.5; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=vpn1; TTL(1055)=10; Reason(1056)=Scan behavior detected.
Explanation	A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result.
Recommended action	No action is required.

BLS_ENTRY_DEL

Message text	SrcIPAddr(1003)=[IPADDR]; SndDSLiteTunnelPeer(1041)=[STRING]; RcvVPNInstance(1042)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: Reason why the blacklist entry was deleted.
Severity level	5
Example	BLS/5/BLS_ENTRY_DEL: -Context=1; SrcIPAddr(1003)=1.1.1.3; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=; Reason(1056)=Configuration. BLS/5/BLS_ENTRY_DEL: -Context=1; SrcIPAddr(1003)=9.1.1.5; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=vpn1; Reason(1056)=Aging.
Explanation	A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

BLS_IP_BLOCK

Message text	SrcIPAddr(1003)=[IPADDR];RcvVPNInstance(1042)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING].
Variable fields	$1: Blacklisted source IPv4 address. $2: VPN instance name. $3: Peer address of the DS-Lite tunnel.
Severity level	3
Example	BLS/3/BLS_IP_BLOCK:SrcIPAddr(1003)=1.1.1.3;RcvVPNInstance(1042)=;SndDSLiteTunnelPeer(1041)=--.
Explanation	This message is sent when an IPv4 source blacklist entry or the address object group-based blacklist entry is hit. Logs are sent every 30 seconds.
Recommended action	No action is required.

BLS_IPV6_BLOCK

Message text	SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING].
Variable fields	$1: Blacklisted source IPv6 address. $2: VPN instance name.
Severity level	3
Example	BLS/3/BLS_IPV6_BLOCK: SrcIPv6Addr(1036)=200::2;RcvVPNInstance(1042)=.
Explanation	This message is sent when an IPv6 source blacklist entry is hit. Logs are sent every 30 seconds.
Recommended action	No action is required.

BLS_IPV6_ENTRY_ADD

Message text	SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1042)=[STRING]; TTL(1055)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IPv6 address. $2: VPN instance name. $3: TTL of a blacklist entry. $4: Reason why the blacklist entry was added.
Severity level	5
Example	BLS/5/BLS_IPV6_ENTRY_ADD: -Context=1; SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1042)=; TTL(1055)=; Reason(1056)=Configuration. BLS/5/BLS_IPV6_ENTRY_ADD: -Context=1; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1042)=; TTL(1055)=10; Reason(1056)=Scan behavior detected.
Explanation	A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result.
Recommended action	No action is required.

BLS_IPV6_ENTRY_DEL

Message text	SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1042)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IPv6 address. $2: VPN instance name. $3: Reason why the blacklist entry was deleted.
Severity level	5
Example	BLS/5/BLS_IPV6_ENTRY_DEL: -Context=1; SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1042)=; Reason(1056)=Configuration. BLS/5/BLS_IPV6_ENTRY_DEL: -Context=1; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1042)=; Reason(1056)= Aging.
Explanation	A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

BLS_ENTRY_USER_ADD

Message text	User(1098)=[STRING]; TTL(1055)=[STRING]; Reason(1056)=[STRING]; DomainName(1099) =[STRING].
Variable fields	$1: Username in the user blacklist entry. $2: User blacklist entry aging time. $3: Reason why the user blacklist entry was added. $4: Name of the user identification domain to which the user belongs.
Severity level	5
Example	BLS/5/BLS_ENTRY_USER_ADD: User(1098)=user1; TTL(1055)=10; Reason(1056)=Configuration; DomainName(1099)=domain1.
Explanation	A user blacklist entry was added. The message is sent when a user blacklist entry is manually added.
Recommended action	No action is required.

BLS_ENTRY_USER_DEL

Message text	User(1098)=[STRING]; Reason(1056)=[STRING]; DomainName(1099) =[STRING].
Variable fields	$1: Username in the user blacklist entry. $2: Reason why the blacklist entry was deleted: · Configuration—Manual deletion. · Aging—Ageout. $3: Name of the user identification domain to which the user belongs.
Severity level	5
Example	BLS/5/BLS_ENTRY_USER_DEL: User(1098)=user1; Reason(1056)=Configuration; DomainName(1099)=domain1. BLS/5/BLS_ENTRY_USER_DEL: User(1098)=user1; Reason(1056)=Aging; DomainName(1099)=domain1.
Explanation	A user blacklist entry was deleted. The message is sent when a user blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

BLS_USER_IP_BLOCK

Message text	User(1098)=[STRING];SrcIPAddr(1003)=[IPADDR];DomainName(1099)=[STRING]; RcvVPNInstance(1042)=[STRING];SrcMacAddr(1021)=[STRING].
Variable fields	$1: Name of the blacklisted user. $2: User IPv4 address. $3: Name of the identity domain to which the user belongs. $4: VPN instance name. $5: User MAC address.
Severity level	3
Example	BLS/3/BLS_USER_IP_BLOCK: User(1098)=user1;SrcIPAddr(1003)=1.1.1.6;DomainName(1099)=; RcvVPNInstance(1042)=;SrcMacAddr(1021)= 38ad-bea7-829a.
Explanation	This message is sent when an IPv4 user blacklist entry is hit. Logs are sent every 30 seconds.
Recommended action	No action is required.

BLS_USER_IPV6_BLOCK

Message text	User(1098)=[STRING];SrcIPAddr(1003)=[IPADDR];DomainName(1099)=[STRING];RcvVPNInstance(1042)=[STRING];SrcMacAddr(1021)=[STRING].
Variable fields	$1: Name of the blacklisted user. $2: User IPv6 address. $3: Name of the identity domain to which the user belongs. $4: VPN instance name. $5: User MAC address.
Severity level	3
Example	BLS/3/BLS_USER_IPV6_BLOCK:User(1098)=user2;SrcIPAddr(1003)=1.1.1.7;DomainName(1099)=;RcvVPNInstance(1042)=;SrcMacAddr(1021)= 38ad-bea7-829b.
Explanation	This message is sent when an IPv6 user blacklist entry is hit. Logs are sent every 30 seconds.
Recommended action	No action is required.

CC defense messages

This section contains CC defense messages through fast log output.

CC_MATCH_IPV4_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];PolicyName(1079)=[STRING];RuleName(1080)=[STRING];ProtectedURL(1136)=[STRING];HitSrcIPAddr(1137)=[IPADDR];HitTime(1138)=[STRING];RequestRate(1139)=[UINT32];RequestConcentration(1140)=[UINT32];Action(1053)=[STRING];BlockTime(1141)=[UINT32];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: CC defense policy name. $8: CC defense rule name. $9: Protected path matched. $10: Source IP address matched. $11: Time when the protected path is matched. $12: Request rate. $13: Request concentration ratio. $14: Actions on the matching packet. Available actions are: ¡ Block. ¡ Permit. $15: Block period.
Severity level	6
Example	CC-DEFENSE/6/CC_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=SouhuNews;SrcIPAddr(1003)=112.1.1.2;SrcPort(1004)=3887;DstIPAddr(1007)=114.1.1.2;DstPort(1008)=80;PolicyName(1079)=1;RuleName(1080)=test;ProtectedURL(1136)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;HitSrcIPAddr(1137)=112.1.1.2;HitTime(1138)=1480691551;RequestRate(1139)=10;RequestConcentration(1140)=150;Action(1053)=Block;BlockTime(1141)=300;
Explanation	This message is sent when an IPv4 packet matches a CC defense rule, and a detection item threshold is reached.
Recommended action	No action is required.

CC_MATCH_IPV6_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];PolicyName(1079)=[STRING];RuleName(1080)=[STRING];ProtectedURL(1136)=[STRING];HitSrcIPv6Addr(1037)=[IPADDR];HitTime(1138)=[STRING];RequestRate(1139)=[UINT32];RequestConcentration(1140)=[UINT32];Action(1053)=[STRING];BlockTime(1141)=[UINT32];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: CC defense policy name. $8: CC defense rule name. $9: Protected path matched. $10: Source IP address matched. $11: Time when the protected path is matched. $12: Request rate. $13: Request concentration ratio. $14: Actions on the matching packet. Available actions are: ¡ Block. ¡ Permit. $15: Block period.
Severity level	4
Example	CC-DEFENSE/6/CC_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=SouhuNews;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;PolicyName(1079)=1;RuleName(1080)=test;ProtectedURL(1136)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;HitSrcIPv6Addr(1137)=1:2:3:4:5:6:7:8;HitTime(1138)=1480691551;RequestRate(1139)=150;RequestConcentration(1140)=20;Action(1053)=Block;BlockTime(1141)=300;
Explanation	This message is sent when an IPv6 packet matches a CC defense rule and a detection item threshold is reached.
Recommended action	No action is required.

CFD messages

This section contains CFD messages.

CFD_CROSS_CCM

Message text	MEP [UINT16] in SI [INT32] received a cross-connect CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].
Variable fields	$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID.
Severity level	6
Example	CFD/6/CFD_CROSS_CCM: MEP 13 in SI 10 received a cross-connect CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 78, RMEP is 12, MD ID is without ID, MA ID is 0.
Explanation	A MEP received a cross-connect CCM containing a different MA ID or MD ID.
Recommended action	Check the configurations of MEPs on both ends. Make sure the MEPs have consistent configurations, including MD, MA, and level.

CFD_ERROR_CCM

Message text	MEP [UINT16] in SI [INT32] received an error CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].
Variable fields	$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID.
Severity level	6
Example	CFD/6/CFD_ERROR_CCM: MEP 2 in SI 7 received an error CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 21, RMEP is 2, MD ID is 7, MA ID is 1.
Explanation	A MEP received an error CCM containing an unexpected MEP ID or lifetime.
Recommended action	Check the CCM configuration. Make sure the CCM intervals are consistent on both ends, and the remote MEP ID is included in the MEP list of the local end.

CFD_REACH_LOWERLIMIT

Message text	[STRING] reached or fell below the lower limit [STRING] on MEP [UINT16] in service instance [INT32].
Variable fields	$1: Monitored indicator: ¡ Bit error ratio. ¡ Far-end frame loss ratio. ¡ Near-end frame loss ratio. ¡ Frame delay. $2: Threshold. $3: Local MEP ID. $4: Service instance ID.
Severity level	6
Example	CFD/6/ CFD_REACH_LOWERLIMIT: Bit error ratio reached or fell below the lower limit 4% on MEP 2 in service instance 3.
Explanation	This message is generated when a monitored indicator reaches or falls below the lower limit.
Recommended action	No action is required.

CFD_REACH_UPPERLIMIT

Message text	[STRING] reached or exceeded the upper limit [STRING] on MEP [UINT16] in service instance [INT32].
Variable fields	$1: Monitored indicator: ¡ Bit error ratio. ¡ Far-end frame loss ratio. ¡ Near-end frame loss ratio. ¡ Frame delay. $2: Threshold. $3: Local MEP ID. $4: Service instance ID.
Severity level	6
Example	CFD/6/ CFD_REACH_UPPERLIMIT: Bit error ratio reached or exceeded the upper limit 80% on MEP in service instance 3.
Explanation	This message is generated when a monitored indicator reaches or exceeds the upper limit.
Recommended action	No action is required.

CFD_LOST_CCM

Message text	MEP [UINT16] in SI [INT32] failed to receive CCMs from RMEP [UINT16].
Variable fields	$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID.
Severity level	6
Example	CFD/6/CFD_LOST_CCM: MEP 1 in SI 7 failed to receive CCMs from RMEP 2.
Explanation	A MEP failed to receive CCMs within 3.5 sending intervals because the link is faulty or the remote MEP does not send CCM within 3.5 sending intervals.
Recommended action	Check the link status and the configuration of the remote MEP. If the link is down or faulty (becomes unidirectional, for example), restore the link. If the remote MEP is configured with the same service instance, make sure the CCM sending intervals are consistent on both ends.

CFD_RECEIVE_CCM

Message text	MEP [UINT16] in SI [INT32] received CCMs from RMEP [UINT16]
Variable fields	$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID.
Severity level	6
Example	CFD/6/CFD_RECEIVE_CCM: MEP 1 in SI 7 received CCMs from RMEP 2.
Explanation	A MEP received CCMs from a remote MEP.
Recommended action	No action is required.

CFGLOG messages

This section contains configuration log messages.

CFGLOG_CFGOPERATE

Message text	-Client=[STRING]-User=[STRING]-IPAddr=[STRING]-Role=[STRING];Config in [STRING] changed: -Old setting=[STRING]; -New setting=[STRING];
Variable fields	$1: Configuration method. The supported configuration methods include CLI, NETCONF, SNMP, CWMP, and Web. $2: Name of the user that changed the configuration. This field displays two asterisks () if the user does not use scheme authentication, which requires a username for login. $3: IP address of the user that changed the configuration. This field displays two asterisks () if the user logged in to the device through the console port. $4: User role of the user that changed the configuration. $5: Configuration change location. $6: Old setting. $7: New setting. If one operation causes multiple settings to change, the $5, $6, and $7 fields might be displayed one time for each setting change.
Severity level	6
Example	CFGLOG/6/CFGLOG_CFGOPERATE: -Client=CLI-User=-IPAddr=-Role=network-admin; Config in system changed: -Old setting=sysname Device -New setting=sysname Test.
Explanation	A user changed the configuration on the device.
Recommended action	No action is required.

CFGMAN messages

This section contains configuration management messages.

CFGMAN_ARCHIVE_FAIL

Message text	Failed to archive the running configuration to a remote server: Location=[STRING]
Variable fields	$1: URL of the remote server that stores the configuration archives. If the server is an FTP server, the URL is in the format of ftp://username@server-IP[:port-number]/file-path. If the server IP is an IPv6 address, the IPv6 address is enclosed within a pair of brackets ([]). If the server is a TFTP server, the URL does not contain the username field.
Severity level	4
Example	CFGMAN/4/CFGMAN_ARCHIVE_FAIL: Failed to archive the running configuration to a remote server: Location=ftp://admin@192.168.21.21[:21]/test/
Explanation	The device failed to archive the running configuration to a remote server.
Recommended action	1. Verify that the device can create temporary configuration archives locally. For this purpose, you can verify that the device can archive the running configuration by using the local archiving feature. 2. Verify that the remote server is accessible. 3. Verify that the remote server has sufficient storage space.

CFGMAN_CFGCHANGED

Message text	-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed.
Variable fields	$1: Event index in the range of 1 to 2147483647. $2: Configuration change source: ¡ cli—The configuration change came from the CLI. ¡ snmp—The configuration change came from SNMP or was a configuration database change detected by SNMP. ¡ other—The configuration change came from other sources. $3: Source configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. $4: Destination configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective.
Severity level	5
Example	CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[snmp]-ConfigSource=[startup]-ConfigDestination=[running]; Configuration changed.
Explanation	The running configuration changed in the past 10 minutes.
Recommended action	No action is required.

CFGMAN_OPTCOMPLETION

Message text	-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed.
Variable fields	$1: Operation type: ¡ running2startup—Saves the running configuration to the next-startup configuration file. ¡ startup2running—Loads the configuration in the next-startup configuration file. ¡ running2net—Saves the running configuration to a host on the network. ¡ net2running—Transfers a configuration file from a host on the network and loads the configuration. ¡ net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file. ¡ startup2net—Copies the next-startup configuration file to a host on the network. $2: Operation start time. $3: Operation status: ¡ InProcess—Operation is in progress. ¡ success—Operation succeeded. ¡ InvalidOperation—Invalid operation. ¡ InvalidProtocol—Invalid protocol. ¡ InvalidSource—Invalid source file name. ¡ InvalidDestination—Invalid destination file name. ¡ InvalidServer—Invalid server address. ¡ DeviceBusy—The device is busy. ¡ InvalidDevice—Invalid device address. ¡ DeviceError—An error occurred on the device. ¡ DeviceNotWritable—The storage medium on the device is write protected. ¡ DeviceFull—The device does not have enough free storage space for the file. ¡ FileOpenError—Failed to open the file. ¡ FileTransferError—Failed to transfer the file. ¡ ChecksumError—File checksum error. ¡ LowMemory—The memory space is not sufficient. ¡ AuthFailed—User authentication failed. ¡ TransferTimeout—Transfer timed out. ¡ UnknownError—An unknown error occurred. ¡ invalidConfig—Invalid configuration. $4: Operation end time.
Severity level	5
Example	CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed.
Explanation	The device is performing or has completed an operation.
Recommended action	If the operation is not successful, locate and resolve the problem.

CFGMAN_REPLACE_CANCEL

Message text	Configuration rollback from remote server was canceled: Replacement file=[STRING]
Variable fields	$1: URL of the replacement configuration file on the remote rollback server. If the server is an FTP server, the URL is in the format of ftp://username@server-IP[:port-number]/file-path. If the server IP is an IPv6 address, the IPv6 address is enclosed within a pair of brackets ([]). If the server is a TFTP server, the URL does not contain the username field.
Severity level	5
Example	CFGMAN/5/CFGMAN_REPLACE_CANCEL: Configuration rollback from remote server was canceled: Replacement file=ftp://admin@192.168.21.21[:21]/test/startup.cfg
Explanation	This event occurs if the rollback schedule expires before it could be executed because the system date or time is changed backward.
Recommended action	Reconfigure the remote configuration rollback parameters as needed.

CFGMAN_REPLACE_FAIL

Message text	Failed to replace running configuration with a remote configuration file: File=[STRING]
Variable fields	$1: URL of the replacement configuration file on the remote rollback server. If the server is an FTP server, the URL is in the format of ftp://username@server-IP[:port-number]/file-path. If the server IP is an IPv6 address, the IPv6 address is enclosed within a pair of brackets ([]). If the server is a TFTP server, the URL does not contain the username field.
Severity level	4
Example	CFGMAN/4/CFGMAN_REPLACE_FAIL: Failed to replace running configuration with a remote configuration file: File=ftp://admin@192.168.21.21[:21]/test/startup.cfg
Explanation	The system failed to replace the running configuration with a configuration file on the remote rollback server.
Recommended action	1. Verify that the remote server is accessible. 2. Verify that the replacement configuration file exists in the file path on the server. 3. Verify that the device has sufficient storage space. 4. Verify that the content and format of the replacement configuration file are compatible with the device.

CFGMAN_REPLACE_SOON

Message text	The system will replace running configuration with a remote file in 1 minute: File=[STRING]
Variable fields	$1: URL of the replacement configuration file on the remote rollback server. If the server is an FTP server, the URL is in the format of ftp://username@server-IP[:port-number]/file-path. If the server IP is an IPv6 address, the IPv6 address is enclosed within a pair of brackets ([]). If the server is a TFTP server, the URL does not contain the username field.
Severity level	5
Example	CFGMAN/5/CFGMAN_REPLACE_SOON: The system will replace running configuration with a remote file in 1 minute: File=ftp://admin@192.168.21.21[:21]/test/startup.cfg
Explanation	The system has a configuration rollback schedule and it will replace the running configuration with a remote file in 1 minute.
Recommended action	Execute the undo configuration replace server file command to cancel the rollback schedule if it is not desirable.

CGROUP messages

This section contains interface collaboration messages.

CGROUP_STATUS_CHANGE

Message text	The status of collaboration group [UINT32] is [STRING].
Variable fields	$1: Collaboration group ID. $2: Collaboration group state: down or up.
Severity level	6
Example	CGROUP/6/CGROUP_STATUS_CHANGE: The status of collaboration group 1 is up.
Explanation	The status of collaboration group 1 is up or down.
Recommended action	Check the links.

CNTM messages

This section contains content moderation (CNTM) messages.

CONTENT_MODERATION_IPV4_LOG

Message text	SrcIPAddr(1003)=[IPAddr];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPAddr];DstPort(1008)=[UINT16];Protocol(1001)=[UCHAR];ThreatDir(1070)=[STRING];FileName(1097)=[STRING];MatchLabels(1023)=[STRING];
Variable fields	$1: Source IPv4 address of a packet. $2: Source port number of the packet. $3: Destination IPv4 address of the packet. $4: Destination port number of the packet. $5: IP protocol of the packet. $6: Transmission direction of the packet. $7: Name of a file in the packet. $8: Label for the harmful content in the file: ¡ terrorism—Terrorism. ¡ explosion—Explosion. ¡ outfit—Special dress. ¡ logo—Special log. ¡ weapon—Weapon. ¡ politics—Politics. ¡ sexy—Sex. ¡ porn—Porn. ¡ others—Other.
Severity level	6
Example	CNTM/6/COTENT_MODERATION_IPV4_LOG:SrcIPAddr(1003)=10.10.10.10;SrcPort(1004)=8080;DstIPAddr(1007)=20.20.20.20;DstPort(1008)=7070;Protocol(1001)=smtp ;Direction(1070)=upload;FileName(1097)=test1.mov;MatchLabels(1023)=weapon\|logo\|sexy;
Explanation	This message is sent when the content moderation module detects a harmful (such as pornographic or terroristic) in an image or video of a packet.
Recommended action	No action is required.

CONTENT_MODERATION_IPV6_LOG

Message text	SrcIPv6Addr(1036)=[IPAddr];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPAddr];DstPort(1008)=[UINT16];Protocol(1001)=[UCHAR];ThreatDir(1070)=[STRING];FileName(1097)=[STRING];MatchLabels(1023)=[STRING];
Variable fields	$1: Source IPv6 address of a packet. $2: Source port number of the packet. $3: Destination IPv6 address of the packet. $4: Destination port number of the packet. $5: IP protocol of the packet. $6: Transmission direction of the packet. $7: Name of a file in the packet. $8: Label for the harmful content in the file: ¡ terrorism—Terrorism. ¡ explosion—Explosion. ¡ outfit—Special dress. ¡ logo—Special log. ¡ weapon—Weapon. ¡ politics—Politics. ¡ sexy—Sex. ¡ porn—Porn. ¡ others—Other.
Severity level	6
Example	CNTM/6/COTENT_MODERATION_IPV6_LOG:SrcIPv6Addr(1036)=10::10;SrcPort(1004)=8080;DstIPv6Addr(1037)=20::20;DstPort(1008)=7070;Protocol(1001)=smtp;Direction(1070)=upload;FileName(1097)=test1.mov;MatchLabels(1023)=weapon\|logo\|sexy;
Explanation	This message is sent when the content moderation module detects a harmful (such as pornographic or terroristic) content in an image or video of a packet.
Recommended action	No action is required.

CONNLMT messages

This section contains connection limit messages.

CONNLMT_IPV4_OVERLOAD

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. $12: Permit or deny new connections.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;Action(1053)=Permit new connections;
Explanation	The number of concurrent connections exceeded the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV4_RECOVER

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold;
Explanation	The number of concurrent connections dropped below the lower threshold from the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV6_OVERLOAD

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message. $12: Permit or deny new connections.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;Action(1053)=Permit new connections;
Explanation	The number of concurrent connections exceeded the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV6_RECOVER

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=2001::1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold;
Explanation	The number of concurrent connections dropped below the lower threshold from the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV4_RATELIMIT

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];LimitRate(1073)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv4 address. $4: Destination IPv4 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper rate limit. $10: Rule ID. $11: Event message. $12: Permit or deny new connections.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_RATELIMIT: -MDC=1; RcvIfName(1023)=M-GigabitEthernet0/0/0;Protocol(1001)=;SrcIPAddr(1003)=;DstIPAddr(1007)=;ServicePort(1071)=; RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;LimitRate(1073)=10;LimitRuleNum(1051)=1;Event(1048)=Exceeded rate limit;Action(1053)=Permit new connections;
Explanation	Connections are established at a rate higher than the rate limit. The message is output only at the first time if the event takes place consecutively.
Recommended action	No action is required.

CONNLMT_IPV6_RATELIMIT

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];LimitRate(1073)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper rate limit. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_RATELIMIT: -MDC=1; RcvIfName(1023)=M-GigabitEthernet0/0/0;Protocol(1001)=;SrcIPv6Addr(1036)=;DstIPv6Addr(1037)=;ServicePort(1071)=; RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;LimitRate(1073)=10;LimitRuleNum(1051)=1;Event(1048)=Exceeded rate limit;
Explanation	Connections are established at a rate higher than the rate limit. The message is output only at the first time if the event takes place consecutively.
Recommended action	No action is required.

CONTEXT messages

This section contains context messages.

CAR_MODIFY

Message text	-Context=[UINT]; The throughput of context [STRING]([UINT]) is changed to [UINT] kbps/pps.
Variable fields	$1: Context ID. $2: Context name. $3: Context ID. $4: Throughput threshold of the context.
Severity level	6
Example	For the default context: CAR/6/CAR_MODIFY: The throughput of context slb128(128) is changed to 66666 pps. For a non-default context: CAR/6/CAR_MODIFY: -Context=128; The throughput of context slb128(128) is changed to 66666 pps.
Explanation	The throughput threshold of a context changed.
Recommended action	No action is required.

CAR_DESTROY

Message text	-Context=[UINT]; The throughput of context [STRING]([UINT]) is changed to default.
Variable fields	$1: Context ID. $2: Context name. $3: Context ID.
Severity level	6
Example	For the default context: CAR/6/CAR_DESTROY: The throughput of context slb128(128) is changed to default. For a non-default context: CAR/6/CAR_ DESTROY:-Context=128; The throughput of context slb128(128) is changed to default.
Explanation	The default throughput threshold was restored for a context.
Recommended action	No action is required.

SIB_BROADCAST_DROP

Message text	Dropped [UINT] broadcast packets of context [UINT].
Variable fields	$1: Number of dropped broadcast packets. $2: Context ID.
Severity level	6
Example	SIB/6/SIB_BROADCAST_DROP: Dropped 65478 broadcast packets of context 1.
Explanation	Some broadcast packets were dropped on a context.
Recommended action	No action is required.

SIB_MAC_DUPLICATE

Message text	The new MAC address ([STRING]) of interface [STRING] is already used as the VRRP group MAC address on interface [STRING] of context = [UINT].
Variable fields	$1: MAC address. $2: Interface name. $3: Interface name. $4: Context ID.
Severity level	3
Example	SIB/3/SIB_MAC_DUPLICATE: The new mac address（a234-2345-0902） of interface GigabitEthernet1/0/0 duplicate with virtual MAC address of interface GigabitEthernet1/0/1, context = 2.
Explanation	The new physical MAC address of an interface is the same as the virtual MAC address of another interface in a VRRP group on a context.
Recommended action	Change the physical MAC address of the interface.

SIB_MAC_DUPLICATE

Message text	The VRRP group MAC address ([STRING]) is already used as the MAC address of interface [STRING] on context = [UINT].
Variable fields	$1: MAC address. $2: Interface name. $3: Context ID.
Severity level	3
Example	SIB/3/SIB_MAC_DUPLICATE: The vrrp mac address(a234-2345-0902) and mac address of interface GigabitEthernet1/0/0 is duplication, context = 2.
Explanation	On a context, the virtual MAC address of an interface in a VRRP group is the same as the physical MAC address of the interface.
Recommended action	Change the virtual MAC address of the interface in the VRRP group.

SIB_MULTICAST_DROP

Message text	Dropped [UINT] multicast packets of context [UINT].
Variable fields	$1: Number of dropped multicast packets. $2: Context ID.
Severity level	6
Example	SIB/6/SIB_MULTICAST_DROP: Dropped 750036 multicast packets of context 1.
Explanation	Some multicast packets were dropped on a context.
Recommended action	No action is required.

DAC

This section contains data analysis center (DAC) messages.

DAC_STORE_STATE_STOREFULL

Message text	DPI/4/DAC_STORE_STATE_STOREFULL: The total storage usage reached 98%.
Severity level	4
Example	DPI/4/DAC_STORE_STATE_STOREFULL: The total storage usage reached 98%.
Explanation	The total storage usage of the data analysis center reached 98%.
Recommended action	No action is required.

DAC_STORE_STATE_FULL

Message text	DPI/4/DAC_STORE_STATE_FULL: The [STRING] alarm threshold (AlarmThreshold(1121)=[STRING]) for StoreName(1119)=[STRING] was reached.
Variable fields	$1: Threshold type: · storage time-based. · storage space-based. $2: Threshold value. $3: Service name.
Severity level	4
Example	DPI/4/DAC_STORE_STATE_FULL: The storage space-based alarm threshold (AlarmThreshold(1121)=80%) for StoreName(1119)=audit was reached. DPI/4/DAC_STORE_STATE_FULL: The storage time-based alarm threshold (AlarmThreshold(1121)=30 days) for StoreName(1119)=audit was reached.
Explanation	The data analysis center checks the data of each service to determine if the storage time- or storage space-based threshold is reached on an per 5 minute basis. A log is generated if the storage time- or storage space-based threshold of a service is reached.
Recommended action	No action is required.

DAC_STORE_DELETE_FILE

Message text	DPI/4/DAC_STORE_DELETE_FILE: Deleted data from the storage space of the [STRING] service because the [STRING] alarm threshold was reached.
Variable fields	$1: Service name. $2: Threshold type: · storage time-based. · storage space-based.
Severity level	4
Example	DPI/4/DAC_STORE_DELETE_FILE: Deleted data from the storage space of the audit service because the storage time-based alarm threshold was reached.
Explanation	This message is sent when one of the following events occur: · The expired data of a service was deleted when the storage time-based threshold was reached. · The earliest data was deleted when the storage space-based threshold was reached.
Recommended action	No action is required.

DAC_HDD_FULL

Message text	DPI/4/DAC_HDD_FULL: New logs will be saved in [STRING] because less than 1 GB of free space is left in the disk.
Variable fields	$1: Name of the storage media file system: · hda0:. · hda1:. · hdb0:. · hdb1:. · usba0:. · usbb0:. · usbc0:. · memory.
Severity level	4
Example	DPI/4/DAC_OP_REPORT: New logs will be saved in memory because less than 1 GB of free space is left in the disk.
Explanation	The data analysis center will save new service data in memory because less than 1 GB of free space was left in the disk.
Recommended action	No action is required.

DEV messages

This section contains device management messages.

AUTOSWITCH_FAULT

Message text	[STRING] automatically switches between active and standby, and a fault occurs during the switching.
Variable fields	$1: Chassis number or the device.
Severity level	1
Example	DEV/1/ AUTO_SWITCH_FAULT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching, please contact technical support.
Explanation	A fault occurred during an automatic active/standby switchover of a device.
Recommended action	1. Manually restart the device to clear the fault. 2. Before restarting the device, execute the display diagnostic-information command to collect and save diagnostic information for troubleshooting. 3. After the device restart, execute the display device command to identify the device status. If the device status is not Normal, contact H3C Support.

AUTOSWITCH_FAULT_REBOOT

Message text	[STRING] automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart [STRING] to restore the fault.
Variable fields	$1: Chassis number or the device. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/AUTO_SWITCH_FAULT_REBOOT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart chassis 1 slot 0 to restore the fault.
Explanation	A fault occurred during an active/standby switchover of a device. The device will automatically restart the faulty card to clear the fault.
Recommended action	Execute the display device command after the faulty card restarts to identify the card status. If the card status is not Normal, contact H3C Support.

BOARD_ALARM_CLEAR

Message text	Board alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/BOARD_ALARM_CLEAR: Board alarm cleared. (PhysicalIndex=140, PhysicalName=Level 1 Module 9 on Chassis 1, RelativeResource=1, ErrorCode=441002, Reason=FPGA load failed.)
Explanation	A card alarm was cleared.
Recommended action	No action is required.

BOARD_ALARM_OCCUR

Message text	Board alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/BOARD_ALARM_OCCUR: Board alarm occurred. (PhysicalIndex=140, PhysicalName=Level 1 Module 9 on Chassis 1, RelativeResource=1, ErrorCode=441002, Reason=FPGA load failed.)
Explanation	A card alarm occurred.
Recommended action	For more information, review related alarm information, or contact H3C Support.

BOARD_FATALALARM_OCCUR

Message text	Board fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	1
Example	DEV/1/BOARD_FATALALARM_OCCUR: Board fatal alarm occurred. (PhysicalIndex=180136, PhysicalName=Level 1 Module 5 on Chassis 2, RelativeResource=2/5/0, ErrorCode=000008, Reason=System can't work without SFU board in slot 1.)
Explanation	This message was generated in one of the following situations: · The system cannot operate correctly because a slot is not installed with the correct card. · The system is not installed with the correct type of fabric modules or service modules. · For more information, see the fault description.
Recommended action	Execute the display device command to display the fabric module status. If the fabric module status is Normal, but the fault is still present, contact H3C Support.

BOARD_REBOOT

Message text	Board is rebooting on [STRING].
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	DEV/5/BOARD_REBOOT: Board is rebooting on slot 1.
Explanation	A card was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the card starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact H3C Support.

BOARD_REMOVED

Message text	Board was removed from [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	3
Example	DEV/3/BOARD_REMOVED: Board was removed from slot 1, type is LSQ1FV48SA.
Explanation	An LPU or a standby MPU was removed from a member device, causing the device to leave the IRF fabric.
Recommended action	If the LPU or MPU was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. Reboot the device to make it join the IRF fabric. 4. If the issue persists, contact H3C Support.

BOARD_RUNNING_FAULT

Message text	[STRING] is detected to be faulty.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/ BOARD_FAULT_REBOOT: Chassis 1 slot 0 is detected to be faulty, please contact technical support.
Explanation	A card is faulty during the device operation.
Recommended action	1. Manually reboot the card to clear the fault. 2. Before rebooting the card, execute the display diagnostic-information command to collect and save diagnostic information for troubleshooting. 3. After the card reboots, execute the display device command to identify the card status. If the card status is not Normal, contact H3C Support.

BOARD_RUNNING_FAULT_REBOOT

Message text	[STRING] is detected to be faulty, the device will immediately restart [STRING] to recover from the fault.
Variable fields	$1: Chassis number and slot number or slot number. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/ BOARD_RUNNING_FAULT_REBOOT: Chassis 1 slot 0 is detected to be faulty, the device will immediately restart chassis 1 slot 0 to recover from the fault.
Explanation	A card is faulty during device operation, and the device will reboot the card immediately to clear the fault.
Recommended action	If the issue persists, contact H3C Support.

BOARD_STATE_FAULT

Message text	Board state changed to Fault on [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	2
Example	DEV/2/BOARD_STATE_FAULT: Board state changed to Fault on slot 1, type is LSQ1FV48SA.
Explanation	The card was starting up (initializing or loading software) or was not operating correctly.
Recommended action	· If the card was newly installed, wait for the card to start up. The required startup time varies by card model and software version and is typically less than 10 minutes. · If the card was not newly installed, contact H3C Support.

BOARD_STATE_NORMAL

Message text	Board state changed to Normal on [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	5
Example	DEV/5/BOARD_STATE_NORMAL: Board state changed to Normal on slot 1, type is LSQ1FV48SA.
Explanation	A newly installed LPU or standby MPU completed initialization (on a single-CPU card) or the main CPU completed initialization (on a multi-CPU card).
Recommended action	No action is required.

CFCARD_INSERTED

Message text	CF card was inserted in [STRING] CF card slot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: CF card slot number.
Severity level	4
Example	DEV/4/CFCARD_INSERTED: CF card was inserted in slot 1 CF card slot 1.
Explanation	A CF card was installed.
Recommended action	No action is required.

CFCARD_REMOVED

Message text	CF card was removed from [STRING] CF card slot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: CF card slot number.
Severity level	3
Example	DEV/3/CFCARD_REMOVED: CF card was removed from slot 1 CF card slot 1.
Explanation	A CF card was removed.
Recommended action	If the CF card was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. If the issue persists, contact H3C Support.

CHASSIS_REBOOT

Message text	Chassis [INT32] is rebooting now.
Variable fields	$1: Chassis number.
Severity level	5
Example	DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now.
Explanation	The chassis was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurs, perform the following tasks: 1. Execute the display version command after the chassis starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact H3C Support.

DEV_CLOCK_CHANGE

Message text	-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING].
Variable fields	$1: Username of the login user. $2: IP address of the login user. $3: Old time. $4: New time.
Severity level	5
Example	DEV/5/DEV_CLOCK_CHANGE: -User=admin-IPAddr=192.168.1.2; System clock changed from 15:49:52 01/02/2013 to 15:50:00 01/02/2013.
Explanation	The system time changed.
Recommended action	No action is required.

DEV_FAULT_TOOLONG

Message text	Card in [STRING] is still in Fault state for [INT32] minutes.
Variable fields	$1: Chassis number and slot number or slot number. $2: Time duration during which the card stayed in Fault state.
Severity level	4
Example	DEV/4/DEV_FAULT_TOOLONG: Card in slot 1 is still in Fault state for 60 minutes.
Explanation	A card stayed in Fault state for a long period of time.
Recommended action	1. Reboot the card. 2. If the issue persists, contact H3C Support.

FAN_ABSENT

Message text	Pattern 1: Fan [INT32] is absent. Pattern 2: Chassis [INT32] fan [INT32] is absent.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	3
Example	DEV/3/FAN_ABSENT: Fan 2 is absent.
Explanation	A fan tray was not in place.
Recommended action	1. Check the fan tray slot: 2. If the fan tray slot is empty, the temperature might have increased and the system recommends that you install a fan tray. 3. If a fan tray is present, verify that the fan tray is securely seated. 4. Replace the fan tray if the message persists. 5. If the issue persists, contact H3C Support.

FAN_ALARM_CLEAR

Message text	Fan alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/FAN_ALARM_CLEAR: Fan alarm cleared. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300020, Reason=Fan tray is not present.)
Explanation	A fan tray alarm was cleared.
Recommended action	No action is required.

FAN_ALARM_OCCUR

Message text	Fan alarm occurred. ( PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/FAN_ALARM_OCCUR: Fan alarm occurred. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300020, Reason=Fan tray is not present.)
Explanation	A fan tray alarm occurred.
Recommended action	1. Re-install the fan tray that operates incorrectly. 2. Replace the fan tray. 3. If the issue persists, contact H3C Support.

FAN_DIRECTION_NOT_PREFERRED

Message text	Fan [INT32] airflow direction is not preferred on [STRING], please check it.
Variable fields	$1: Fan tray number. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred on slot 1, please check it.
Explanation	The airflow direction of the fan tray is different from the airflow direction setting.
Recommended action	1. Verify that the airflow direction setting is correct. 2. Verify that the fan tray model provides the same airflow direction as the configured setting. 3. If the issue persists, contact H3C Support.

FAN_FAILED

Message text	Pattern 1: Fan [INT32] failed. Pattern 2: Chassis [INT32] fan [INT32] failed.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	2
Example	DEV/2/FAN_FAILED: Fan 2 failed.
Explanation	The fan tray stopped because of an exception.
Recommended action	Replace the fan tray.

FAN_FATALALARM_CLEAR

Message text	Fan fatal alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	1
Example	DEV/1/FAN_FATALALARM_CLEAR: Fan warning alarm cleared. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300016, Reason=The fan resumed running.)
Explanation	A fatal fan tray alarm was cleared.
Recommended action	Contact H3C Support.

FAN_FATALALARM_OCCUR

Message text	Fan fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	1
Example	DEV/1/FAN_FATALALARM_OCCUR: Fan fatal alarm occurred. (PhysicalIndex=199, PhysicalName=Fan 2, RelativeResource=0, ErrorCode=300016, Reason=The fan stopped running.)
Explanation	A fatal fan tray alarm occurred.
Recommended action	Contact H3C Support.

FAN_RECOVERED

Message text	Pattern 1: Fan [INT32] recovered. Pattern 2: Chassis [INT32] fan [INT32] recovered.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	5
Example	DEV/5/FAN_RECOVERED: Fan 2 recovered.
Explanation	The fan tray started to operate correctly after it was installed.
Recommended action	No action is required.

MAD_ DETECT

Message text	Multi-active devices detected, please fix it.
Variable fields	N/A
Severity level	1
Example	DEV/1/MAD_DETECT: Multi-active devices detected, please fix it.
Explanation	Multiple member devices were found active.
Recommended action	1. Use the display irf command to view which member devices have left the original IRF fabric. 2. Use the display irf link command to locate the IRF link with issues. 3. Fix the IRF link in DOWN state.

MAD_PROC

Message text	[STRING] protocol detected MAD conflict: Local health value=[UINT32], Peer health value=[UINT32].
Variable fields	$1: Protocol that detected the MAD conflict, ARP, ND, LACP, or BFD. $2: Current health value of the local IRF. $3: Current health value of the peer IRF.
Severity level	6
Example	DEV/6/MAD_PROC: ARP protocol detected MAD conflict: Local health value=1, Peer health value=0.
Explanation	ARP, ND, LACP, or BFD detected a MAD conflict on the IRF fabric. A health value of 0 indicates that the IRF fabric is healthy. A greater health value indicates a worse health situation.
Recommended action	No action is required.

POWER_ABSENT

Message text	Pattern 1: Power [INT32] is absent. Pattern 2: Chassis [INT32] power [INT32] is absent.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	3
Example	DEV/3/POWER_ABSENT: Power 1 is absent.
Explanation	A power supply was removed.
Recommended action	1. Check the power supply slot. 2. If the power supply slot is empty, install a power supply. 3. If a power supply is present, verify that the power supply is securely seated. 4. If the issue persists, replace the power supply. 5. If the issue persists, contact H3C Support.

POWER_ALARM_CLEAR

Message text	Power alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/POWER_ALARM_CLEAR: Power alarm cleared. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=233001, Reason=Overtemperature occurred on the power supply.)
Explanation	A power supply alarm was cleared.
Recommended action	No action is required.

POWER_ALARM_OCCUR

Message text	Power alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	2
Example	DEV/2/POWER_ALARM_OCCUR: Power alarm occurred. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=233001, Reason=Overtemperature occurred on the power supply.)
Explanation	A power supply alarm was cleared.
Recommended action	1. Execute the display power command to display the power supply status. 2. If the power supply status is Absent, verify that the power supply is installed correctly. 3. Replace the power supply. 4. If the issue persists, contact H3C Support.

POWER_WARNING_CLEAR

Message text	Power warning alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	4
Example	DEV/4/POWER_WARNING_CLEAR: Power warning alarm cleared. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=200037, Reason=No enough power to power on the board in chassis $1 slot $2. Required power is $3 W, available power is $4 W.)
Explanation	A warning power supply alarm was cleared.
Recommended action	No action is required.

POWER_WARNING_OCCUR

Message text	Power warning alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description.
Severity level	4
Example	DEV/4/POWER_WARNING_OCCUR: Power warning alarm occurred. (PhysicalIndex=163, PhysicalName=Unknown Power 2, RelativeResource=0, ErrorCode=200037, Reason=No enough power to power on the board in chassis $1 slot $2. Required power is $3 W, available power is $4 W.)
Explanation	A warning power supply alarm occurred.
Recommended action	Replace the power supply or contact H3C Support.

POWER_FAILED

Message text	Pattern 1: Power [INT32] failed. Pattern 2: Chassis [INT32] power [INT32] failed.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	2
Example	DEV/2/POWER_FAILED: Power 1 failed.
Explanation	A power supply failed.
Recommended action	Replace the power supply.

POWER_FAILED_SHUTDOWN

Message text	Pattern 1: Power [INT32] shutdown. Reason: temperature of the power is too high. Pattern 2: Chassis [INT32] power [INT32] shutdown. Reason: temperature of the power is too high.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	2
Example	DEV/2/POWER_FAILED_SHUTDOWN: Power 1 shutdown. Reason: temperature of the power is too high.
Explanation	A power supply was shut down because its temperature is too high. The status of the power supply changed to FAILED.
Recommended action	Verify that the power supply is well ventilated and cooled.

POWER_MONITOR_ABSENT

Message text	Pattern 1: Power monitor unit [INT32] is absent. Pattern 2: Chassis [INT32] power monitor unit [INT32] is absent.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	3
Example	DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent.
Explanation	A power monitoring module was removed.
Recommended action	1. Check the power monitoring module slot. ¡ If the power monitoring module slot is empty, install a power monitoring module. ¡ If a power monitoring module is present, verify that the power monitoring module is securely seated. 2. If the issue persists, replace the power monitoring module. 3. If the issue persists, contact H3C Support.

POWER_MONITOR_FAILED

Message text	Pattern 1: Power monitor unit [INT32] failed. Pattern 2: Chassis [INT32] power monitor unit [INT32] failed.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	2
Example	DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed.
Explanation	A power monitoring module failed.
Recommended action	Replace the power monitoring module.

POWER_MONITOR_RECOVERED

Message text	Pattern 1: Power monitor unit [INT32] recovered. Pattern 2: Chassis [INT32] power monitor unit [INT32] recovered.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	5
Example	DEV/5/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered.
Explanation	The power monitoring module started to operate correctly after it was installed.
Recommended action	No action is required.

POWER_RECOVERED

Message text	Pattern 1: Power [INT32] recovered. Pattern 2: Chassis [INT32] power [INT32] recovered.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	5
Example	DEV/5/POWER_RECOVERED: Power 1 recovered.
Explanation	The power supply started to operate correctly after it was installed.
Recommended action	No action is required.

RPS_ABSENT

Message text	Pattern 1: RPS [INT32] is absent. Pattern 2: Chassis [INT32] RPS [INT32] is absent.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	3
Example	DEV/3/RPS_ABSENT: RPS 1 is absent.
Explanation	An RPS was removed.
Recommended action	1. Check the RPS slot. ¡ If the RPS slot is empty, install an RPS. ¡ If an RPS is present, verify that the RPS is securely seated. 2. If the issue persists, replace the RPS. 3. If the issue persists, contact H3C Support.

RPS_NORMAL

Message text	Pattern 1: RPS [INT32] is normal. Pattern 2: Chassis [INT32] RPS [INT32] is normal.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	5
Example	DEV/5/RPS_NORMAL: RPS 1 is normal.
Explanation	The RPS started to operate correctly after it was installed.
Recommended action	No action is required.

SUBCARD_FAULT

Message text	Subcard state changed to Fault on [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	2
Example	DEV/2/SUBCARD_FAULT: Subcard state changed to Fault on slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	The subcard failed, or its status changed to Fault after it was rebooted.
Recommended action	Track the status of the subcard. · If the status of the subcard changes to Normal later, no action is required. · If the status is always Fault, replace the subcard.

SUBCARD_INSERTED

Message text	Subcard was inserted in [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	4
Example	DEV/4/SUBCARD_INSERTED: Subcard was inserted in slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	A subcard was installed.
Recommended action	No action is required.

SUBCARD_REBOOT

Message text	Subcard is rebooting on [STRING] subslot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number.
Severity level	5
Example	DEV/5/SUBCARD_REBOOT: Subcard is rebooting on slot 1 subslot 1.
Explanation	The subcard was manually or automatically rebooted.
Recommended action	· If the subcard operates correctly after it starts up, no action is required. · If you want to know the reboot reason or the subcard keeps rebooting, contact H3C Support.

SUBCARD_REMOVED

Message text	Subcard was removed from [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	3
Example	DEV/3/SUBCARD_REMOVED: Subcard was removed from slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	A subcard was removed.
Recommended action	If the subcard was not manually removed, perform the following tasks: 1. Verify that the subcard is securely seated. 2. Replace the subcard if the message persists. 3. If the issue persists, contact H3C Support.

SYSTEM_REBOOT

Message text	System is rebooting now.
Variable fields	N/A
Severity level	5
Example	DEV/5/SYSTEM_REBOOT: System is rebooting now.
Explanation	The system was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the system starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact H3C Support.

TEMPERATURE_ALARM

Message text	Pattern 1: Temperature is greater than the high-temperature alarming threshold on sensor [STRING] [USHOT]. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is greater than the high-temperature alarming threshold on [STRING] sensor [STRING] [USHOT]. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is greater than the high-temperature alarming threshold on [STRING] [STRING] sensor [STRING] [USHOT]. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	4
Example	DEV/4/TEMPERATURE_ALARM: Temperature is greater than the high-temperature alarming threshold on slot 1 sensor inflow 1. Current temperature is 80 degrees centigrade.
Explanation	A sensor's temperature exceeded the high-temperature alarming threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TEMPERATURE_ALARM_CLEAR

Message text	Temperature alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/TEMPERATURE_ALARM_CLEAR: Temperature alarm cleared. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature restored, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=31.)
Explanation	A temperature alarm was cleared.
Recommended action	No action is required.

TEMPERATURE_ALARM_OCCUR

Message text	Temperature alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/TEMPERATURE_ALARM_OCCUR: Temperature alarm occurred. (PhysicalIndex=4011, PhysicalName=Temperature Sensor 1 on Board 0, RelativeResource=0/0, ErrorCode=433009, Reason=Board temperature out of range, ThresholdType=LowAlarm, ThresholdValue=7, CurrentValue=3.)
Explanation	A temperature alarm occurred.
Recommended action	Make sure the ambient temperature is normal.

TEMPERATURE_LOW

Message text	Pattern 1: Temperature is less than the low-temperature threshold on sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is less than the low-temperature threshold on [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is less than the low-temperature threshold on [STRING] [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	4
Example	DEV/4/TEMPERATURE_LOW: Temperature is less than the low-temperature threshold on slot 1 sensor inflow 1. Current temperature is -10 degrees centigrade.
Explanation	A sensor's temperature fell below the low-temperature threshold.
Recommended action	Adjust the ambient temperature higher.

TEMPERATURE_NORMAL

Message text	Pattern 1: Temperature changed to normal on sensor [STRING] [INT32]. Pattern 2: Temperature changed to normal on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature changed to normal on [STRING] [STRING] sensor [STRING] [INT32].
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	5
Example	DEV/5/TEMPERATURE_NORMAL: Temperature changed to normal on slot 1 sensor inflow 1.
Explanation	A sensor's temperature was normal (between the low-temperature threshold and the high-temperature warning threshold).
Recommended action	No action is required.

TEMPERATURE_SHUTDOWN

Message text	Pattern 1: Temperature is greater than the high-temperature shutdown threshold on sensor [STRING] [INT32]. The slot will be powered off automatically. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is greater than the high-temperature shutdown threshold on [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is greater than the high-temperature shutdown threshold on [STRING] [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	2
Example	DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than the high-temperature shutdown threshold on slot 1 sensor inflow 1. The slot will be powered off automatically. Current temperature is 60 degrees centigrade.
Explanation	A sensor's temperature exceeded the high-temperature shutdown threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	3. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 4. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TEMPERATURE_WARNING

Message text	Pattern 1: Temperature is greater than the high-temperature warning threshold on sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is greater than the high-temperature warning threshold on [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is greater than the high-temperature warning threshold on [STRING] [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	4
Example	DEV/4/TEMPERATURE_WARNING: Temperature is greater than the high-temperature warning threshold on slot 1 sensor inflow 1. Current temperature is 50 degrees centigrade.
Explanation	A sensor's temperature exceeded the high-temperature warning threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TIMER_CREATE_FAILED_FIRST

Message text	The process with PID [UINT] failed to create a timer. Reason for the failure:[STRING].
Variable fields	$1: PID of the process. $2: Reason for the first timer creation failure. The value is "Maximum number of timers already reached."
Severity level	4
Example	DEV/4/TIMER_CREATE_FAILED_FIRST: The process with PID 70 failed to create a timer. Reason for the failure: Maximum number of timers already reached.
Explanation	The system outputs this message when a process fails to create a timer for the first time. The system uses the following mechanism to avoid frequent output of messages that report timer creation failures: · The system outputs a TIMER_CREATE_FAILED_FIRST message when a process fails to create a timer for the first time. · If a timer creation failure occurs again 15 minutes after the first failure, the system outputs a TIMER_CREATE_FAILED_MORE message. · The TIMER_CREATE_FAILED_MORE message records last time when the timer creation failure message was generated, and the number of timer creation failures between the last and current messages that report timer creation failures. The system does not generate log messages about timer creation failures that occurred within the 15 minutes.
Recommended action	1. Restart the device to recover the service module corresponding to the process. 2. If the issue persists, contact H3C Support.

TIMER_CREATE_FAILED_MORE

Message text	The process with PID [UINT] failed to create a timer:[UINT] consecutive failures since [STRING].Reason for the failure:[STRING].
Variable fields	$1: PID of the process. $2: Number of timer creation failures between the last and current messages that report time creation failures. $3: Last time when the creation failure log message was generated. $4: Reason for this timer creation failure. The value is "Maximum number of timers already reached."
Severity level	4
Example	DEV/4/TIMER_CREATE_FAILED_MORE: The process with PID 70 failed to create a timer:2 consecutive failures since 2019/11/21 16:00:00.Reason for the failure: Maximum number of timers already reached.
Explanation	The system outputs this message when a process fails to create a timer again 15 minutes after the first-time creation failure. The system uses the following mechanism to avoid frequent output of messages that report timer creation failures: · The system outputs a TIMER_CREATE_FAILED_FIRST message when a process fails to create a timer for the first time. · If a timer creation failure occurs again 15 minutes after the first failure, the system outputs a TIMER_CREATE_FAILED_MORE message. · The TIMER_CREATE_FAILED_MORE message records last time when the timer creation failure message was generated, and the number of timer creation failures between the last and current messages that report timer creation failures. The system does not generate log messages about timer creation failures that occurred within the 15 minutes.
Recommended action	1. Restart the device to recover the service module corresponding to the process. 2. If the issue persists, contact H3C Support.

VCHK_VERSION_INCOMPATIBLE

Message text	Software version of [STRING] is incompatible with that of the MPU.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/VCHK_VERSION_INCOMPATIBLE: Software version of slot 1 is incompatible with that of the MPU.
Explanation	A PEX that was starting up detected that its software version is incompatible with the parent device's software version.
Recommended action	Specify a set of startup software images for the PEX. Make sure the images are compatible with the parent device's software images.

VOLTAGE_ALARM_CLEAR

Message text	Voltage alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/VOLTAGE_ALARM_CLEAR: Voltage alarm cleared. (PhysicalIndex=199, PhysicalName=Voltage 2, RelativeResource=0, ErrorCode=420003, Reason=Voltage fell below the high output voltage warning threshold. )
Explanation	A voltage alarm was cleared.
Recommended action	No action is required.

VOLTAGE_ALARM_OCCUR

Message text	Voltage alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value. $8: Current value.
Severity level	2
Example	DEV/2/VOLTAGE_ALARM_OCCUR: Voltage alarm occurred. (PhysicalIndex=4043, PhysicalName=Voltage Sensor 0 on Board 0, RelativeResource=0/0, ErrorCode=420005, Reason=Voltage exceeded the high output voltage shutdown threshold., ThresholdType=LowAlarm, ThresholdValue=1031, CurrentValue=0.)
Explanation	A voltage alarm occurred.
Recommended action	Contact H3C Support.

VOLTAGE_FATALALARM_CLEAR

Message text	Voltage fatal alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value in units. $8: Current value in units.
Severity level	1
Example	DEV/1/VOLTAGE_FATALALARM_CLEAR: Voltage fatal alarm cleared. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason= Board powered up, ThresholdType=HighAlarm, ThresholdValue= INVALID, CurrentValue= INVALID)
Explanation	A fatal voltage alarm was cleared.
Recommended action	No action is required.

VOLTAGE_FATALALARM_OCCUR

Message text	Voltage fatal alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]> , ThresholdType=<[STRING]>, ThresholdValue=<[STRING]>, CurrentValue=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location information. $4: Fault code. $5: Fault reason description. $6: Threshold type. $7: Threshold value in units. $8: Current value in units.
Severity level	1
Example	DEV/1/VOLTAGE_FATALALARM_OCCUR: Voltage fatal alarm occurred. (PhysicalIndex=5683, PhysicalName=Voltage Sensor 2 on Board 14, RelativeResource=0/14, ErrorCode=420001, Reason=Board failed to power up, ThresholdType=HighAlarm, ThresholdValue=INVALID, CurrentValue= INVALID)
Explanation	A fatal voltage alarm occurred.
Recommended action	1. Execute the display voltage command to verify that the power provided by the power supplies meets the device requirements. 2. If the issue persists, contact H3C Support.

DFILTER messages

This section contains data filtering syslog and fast log messages.

DFILTER_IPV4_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)= [STRING];UserName(1113)=[STRING];Action(1053)=[STRING];FileName(1097)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Name of the identity user. $13: Action applied to the packet. Available actions are: ¡ Permit. ¡ Drop. $14: File name.
Severity level	6
Example	DFILTER/6/DFILTER_IPV4_LOG: Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPAddr(1003)=21.22.23.20;SrcPort(1004)=51396;DstIPAddr(1007)=25.26.27.20;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=abc;Action(1053)=drop;FileName(1097)=123.txt;
Explanation	An IPv4 packet matched a data filtering rule.
Recommended action	No action is required.

DFILTER_IPV6_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)= [STRING];UserName(1113)=[STRING];Action(1053)=[STRING];FileName(1097)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13:Action applied to the packet. Available actions are: ¡ Permit. ¡ Drop. $14: File name.
Severity level	6
Example	DFILTER/6/DFILTER_IPV6_LOG: Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=aaa;Action(1053)=drop;FileName(1097)=123.txt;
Explanation	An IPv6 packet matched a data filtering rule.
Recommended action	No action is required.

DFILTER_MATCH_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];KeywordGroup(1179)=[STRING];KeywordContent(1181)=[STRING];FileName(1097)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Name of the identity user. $13: Action applied to the packet. Available actions are: ¡ Permit. ¡ Drop. $14: Keyword group name. $15: Keyword content. ¡ For a keyword in predefined pattern, the keyword content is displayed in the format of keyword-name:keyword-content. Part of the content is hidden with asterisks (*). ¡ For a keyword in user-defined pattern, the keyword content is displayed completely. $16: File name.
Severity level	6
Example	DFILTER/6/DFILTER_MATCH_IPV4_LOG: Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPAddr(1003)=21.22.23.20;SrcPort(1004)=51396;DstIPAddr(1007)=25.26.27.20;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=abc;Action(1053)=drop;KeywordGroup(1179)=3;KeywordContent(1181)=id-card-number:1101*,1501,phone-number:1353**;FileName(1097)=123.txt;
Explanation	An IPv4 packet matched a data filtering rule.
Recommended action	No action is required.

DFILTER_MATCH_IPV6_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];KeywordGroup(1179)=[STRING];KeywordContent(1181)=[STRING];FileName(1097)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Name of the identity user. $13:Action applied to the packet. Available actions are: ¡ Permit. ¡ Drop. $14: Keyword group name. $15: Keyword content. ¡ For a keyword in predefined pattern, the keyword content is displayed in the format of keyword-name:keyword-content. Part of the content is hidden with asterisks (*). ¡ For a keyword in user-defined pattern, the keyword content is displayed completely. $16: File name.
Severity level	6
Example	DFILTER/6/DFILTER_MATCH_IPV6_LOG: Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=aaa;Action(1053)=drop;KeywordGroup(1179)=3;KeywordContent(1181)=id-card-number:1101*,1501,phone-number:1353**;FileName(1097)=123.txt;
Explanation	An IPv6 packet matched a data filtering rule.
Recommended action	No action is required.

DHCP

This section contains DHCP messages.

DHCP_NOTSUPPORTED

Message text	Failed to apply filtering rules for DHCP packets because some rules are not supported.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported.
Explanation	The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device.
Recommended action	No action is required.

DHCP_NORESOURCES

Message text	Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Explanation	The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient.
Recommended action	Release hardware resources and then apply the rules again.

DHCPS messages

This section contains DHCP server messages.

DHCPS_ALLOCATE_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the address pool to which the assigned IPv4 address belongs.
Severity level	5
Example	DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.
Explanation	The DHCP server assigned an IPv4 address with a lease to a DHCP client.
Recommended action	No action is required.

DHCPS_CONFLICT_IP

Message text	A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING].
Variable fields	$1: IPv4 address that is in conflict. $2: Name of the address pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured.
Severity level	5
Example	DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface Ethernet0/2.
Explanation	The DHCP server deleted a conflicting IPv4 address from an address pool.
Recommended action	No action is required.

DHCPS_EXTEND_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]).
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: Name of the address pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).
Explanation	The DHCP server extended the lease for a DHCP client.
Recommended action	No action is required.

DHCPS_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP server failed to back up DHCP bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS_RECLAIM_IP

Message text	DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]).
Variable fields	$1: Name of the address pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a).
Explanation	The DHCP server reclaimed the IPv4 address assigned to a DHCP client.
Recommended action	No action is required.

DHCPS_VERIFY_CLASS

Message text	Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC];
Variable fields	$1: Type of the packet. $2: Hardware address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_VERIFY_CLASS: Illegal DHCP client-PacketType= DHCPDISCOVER-ClientAddress=0000-5e01-0104;
Explanation	The DHCP server verified that the DHCP client was not on the user class whitelist.
Recommended action	Check the validity of the DHCP client.

DHCPS6 messages

This section contains DHCPv6 server messages.

DHCPS6_ALLOCATE_ADDRESS

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 address with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_ALLOCATE_PREFIX

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 prefix with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_CONFLICT_ADDRESS

Message text	A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING].
Variable fields	$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured.
Severity level	5
Example	DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2.
Explanation	The DHCPv6 server deleted a conflicting IPv6 address from an address pool.
Recommended action	No action is required.

DHCPS6_EXTEND_ADDRESS

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the address lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_EXTEND_PREFIX

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the prefix lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 server failed to back up DHCPv6 bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS6_RECLAIM_ADDRESS

Message text	DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 address assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_RECLAIM_PREFIX

Message text	DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 prefix assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPSP4

This section contains DHCP snooping messages.

DHCPSP4_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP snooping device failed to back up DHCP snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPSP6

This section contains DHCPv6 snooping messages.

DHCPSP6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 snooping device failed to back up DHCPv6 snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DIAG messages

This section contains diagnostic messages.

CORE_EXCEED_THRESHOLD

Message text	Usage of CPU [int]core [int] exceeded the threshold ([string]).
Variable fields	$1: CPU number. $2: CPU core number. $3: CPU core usage threshold.
Severity level	1
Example	DIAG/1/CORE_EXCEED_THRESHOLD: Usage of CPU 0 core 2 exceeded the threshold (1%).
Explanation	The device samples CPU core usage at intervals and calculates the average value during each CPU core usage statistics interval. If the value during an interval is greater than the CPU core usage threshold, the device generates this log message.
Recommended action	If this message appears frequently, perform the tasks: 1. Execute the display process command to display process status information. 2. Execute the display cpu-usage configuration command to display the CPU core usage threshold settings. 3. Use the monitor cpu-usage threshold command to adjust the CPU core usage threshold settings as required.

CORE_RECOVERY

Message text	Core usage alarm CPU [int]core [int]removed.
Variable fields	$1: CPU number. $2: CPU core number.
Severity level	5
Example	DIAG/5/CORE_RECOVERY: Core usage alarm CPU 0 core 1 removed.
Explanation	The CPU core usage dropped below the CPU core usage threshold. The alarm was removed.
Recommended action	No action is required.

CPU_EXCEED_THRESHOLD

Message text	CPU usage threshold has been exceeded.
Variable fields	N/A
Severity level	1
Example	DIAG/1/CPU_EXCEED_THRESHOLD: CPU usage threshold has been exceeded.
Explanation	A CPU usage alarm occurred. This message is sent when the CPU usage exceeds the CPU usage alarm threshold.
Recommended action	Verify that appropriate CPU usage alarm thresholds are set. To view the CPU usage alarm thresholds, use the display current-configuration \| include "monitor cpu-usage threshold" command. To change the CPU usage alarm thresholds, use the monitor cpu-usage threshold command.

CPU_RECOVER_THRESHOLD

Message text	CPU usage has dropped down to normal levels.
Variable fields	N/A
Severity level	1
Example	DIAG/1/CPU_RECOVER_THRESHOLD: CPU usage has dropped down to normal levels.
Explanation	A CPU usage alarm was removed. This message is sent when the CPU usage drops to or below the CPU usage recovery threshold.
Recommended action	No action is required.

CPU_USAGE_LASTMINUTE

Message text	CPU usage was [STRING] in last minute.
Variable fields	$1: CPU usage in percentage.
Severity level	5
Example	DIAG/5/CPU_USAGE_LASTMINUTE: CPU usage was 10% in last minute.
Explanation	Average CPU usage in last minute.
Recommended action	No action is required.

DIAG_DEADLOOP_DETECT

Message text	Dead loop detected on [string] cpu [int] core [int].
Variable fields	$1: Chassis number and slot number or slot number. $2: CPU number. $3: CPU core number.
Severity level	0
Example	DIAG/0/ DIAG_DEADLOOP_DETECT: Deadloop detected on slot 1 cpu 0 core 0.
Explanation	A kernel thread deadloop was detected.
Recommended action	Troubleshoot the relevant processes.

DIAG_FD_UPLIMIT_REACHED

Message text	FD number upper limit already reached: Process name=[STRING], PID=[INTEGER].
Variable fields	$1: Name of a process. $2: ID of the process.
Severity level	4
Example	DIAG/4/DIAG_FD_UPLIMIT_REACHED: FD number upper limit already reached: Process name=snmpd, PID=244.
Explanation	The maximum number of file descriptors that a process can use has been reached.
Recommended action	No action is required.

DIAG_FD_UPLIMIT_TO_REACH

Message text	Number of FDs is about to reach the upper limit: Process name=[STRING], PID=[INTEGER].
Variable fields	$1: Name of a process. $2: ID of the process.
Severity level	4
Example	DIAG/4/DIAG_FD_UPLIMIT_TO_REACH: Number of FDs is about to reach the upper limit. Process name=snmpd, PID=244.
Explanation	The maximum number of file descriptors that a process can use was about to be reached.
Recommended action	No action is required.

DIAG_STORAGE_BELOW_THRESHOLD

Message text	The usage of [STRING] ([UINT32]%) has dropped below the threshold of [UINT32]%.
Variable fields	$1: Name of the storage medium, for example, flash. $2: Usage of the storage medium. $3: Usage threshold of the storage medium.
Severity level	4
Example	DIAG/4/DIAG_STORAGE_BELOW_THRESHOLD: The usage of flash (90%) has dropped below the threshold of 95%.
Explanation	The usage of the storage medium was below or equal to the threshold.
Recommended action	No action is required.

DIAG_STORAGE_EXCEED_THRESHOLD

Message text	The usage of [STRING] ([UINT32]%) exceeded the threshold of [UINT32]%.
Variable fields	$1: Name of the storage medium, for example, flash. $2: Usage of the storage medium. $3: Usage threshold of the storage medium.
Severity level	4
Example	DIAG/4/DIAG_STORAGE_EXCEED_THRESHOLD: The usage of flash (96%) exceeded the threshold of 95%.
Explanation	The usage of the storage medium exceeded the threshold.
Recommended action	For files not in use, for example, log files and history software packages, execute the delete /unreserved command to delete the files or back up the files and then execute the delete /unreserved command to delete the files.

MEM_ALERT

Message text	system memory info: total used free shared buffers cached Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] -/+ buffers/cache: [ULONG] [ULONG] Swap: [ULONG] [ULONG] [ULONG] Lowmem: [ULONG] [ULONG] [ULONG]
Variable fields	· Mem—Memory information of the whole system: ¡ $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size. ¡ $2: Size of the physical memory used by the system. ¡ $3: Size of free physical memory of the system. ¡ $4: Total size of physical memory shared by processes. ¡ $5: Size of physical memory used for buffers. ¡ $6: Size of physical memory used for caches. · -/+ buffers/cache—Memory usage information of applications: ¡ $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications. ¡ $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications. · Swap—Swap memory usage information: ¡ $9: Total size of swap memory. ¡ $10: Size of used swap memory. ¡ $11: Size of free swap memory. · Lowmem—Low memory usage information: ¡ $12: Total size of low memory. ¡ $13: Size of used low memory. ¡ $14: Size of free low memory.
Severity level	4
Example	DIAG/4/MEM_ALERT: system memory info: total used free shared buffers cached Mem: 1784424 920896 863528 0 0 35400 -/+ buffers/cache: 885496 898928 Swap: 0 0 0 Lowmem: 735848 637896 97952
Explanation	A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device.

MEM_BELOW_THRESHOLD

Message text	Memory usage has dropped below [STRING] threshold.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold.
Explanation	A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold.
Recommended action	No action is required.

MEM_EXCEED_THRESHOLD

Message text	Memory [STRING] threshold has been exceeded.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded.
Explanation	A memory alarm was notified. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies services modules to perform auto repair, such as releasing memory and stopping requesting memory.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device.

MEM_USAGE_EXCEED_THRESHOLD

Message text	Memory usage threshold has been exceeded.
Variable fields	N/A
Severity level	1
Example	DIAG/1/MEM_USAGE_EXCEED_THRESHOLD: Memory usage threshold has been exceeded.
Explanation	A memory usage alarm occurred. The message is sent when the memory usage exceeds the memory usage alarm threshold.
Recommended action	1. Verify that an appropriate memory alarm threshold is set. To view the memory alarm threshold, use the display memory-threshold command. To change the memory alarm threshold, use the memory-threshold usage command. 2. Verify that the device is not under attack by checking the ARP table and routing table. 3. Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device.

MEM_USAGE_RECOVER_THRESHOLD

Message text	Memory usage has dropped down to normal levels.
Variable fields	N/A
Severity level	1
Example	DIAG/1/MEM_USAGE_RECOVER_THRESHOLD: Memory usage has dropped down to normal levels.
Explanation	A memory usage alarm was removed. This message is sent when the memory usage drops to or below the memory usage alarm threshold.
Recommended action	No action is required.

MEM_USAGE

Message text	Current memory usage is [STRING].
Variable fields	$1: Memory usage in percentage.
Severity level	5
Example	DIAG/5/MEM_USAGE: Current memory usage is 10%.
Explanation	Current memory usage of the device.
Recommended action	No action is required.

DIM engine messages

This section contains DPI engine messages.

DIM_SIGNATURE_WARNING

Message text	DIM/4/DIM_SIGNATURE_WARNING: Failed to write a signature file to the flash memory due to insufficient storage space.
Severity level	4
Example	DPI/4/DIM_SIGNATURE_WARNING: Failed to write a signature file to the flash memory due to insufficient storage space.
Explanation	This message is generated when a signature library fails to be updated or rolled back due to insufficient storage space in the flash memory.
Recommended action	Release some storage space in the flash memory before updating or rolling back a signature library.

DIM_ACTIVE_WARNING

Message text	DIM/4/DIM_ACTIVE_WARNING: The device fails to activate the DPI engine due to insufficient memory space after the free-memory normal state threshold is reached. DPI services were no longer in effect.
Severity level	4
Example	DPI/4/DIM_ACTIVE_WARNING: The device fails to activate the DPI engine due to insufficient memory space after the free-memory normal state threshold is reached. DPI services were no longer in effect.
Explanation	This message is generated when the device fails to activate the DPI engine due to insufficient memory space.
Recommended action	Release some storage space and then execute the inspect activate command.

DLDP messages

This section contains DLDP messages.

DLDP_AUTHENTICATION_FAILED

Message text	The DLDP packet failed the authentication because of unmatched [STRING] field.
Variable fields	$1: Authentication field. · AUTHENTICATION PASSWORD—Authentication password mismatch. · AUTHENTICATION TYPE—Authentication type mismatch. · INTERVAL—Advertisement interval mismatch.
Severity level	5
Example	DLDP/5/DLDP_AUTHENTICATION_FAILED: The DLDP packet failed the authentication because of unmatched INTERVAL field.
Explanation	The packet authentication failed. Possible reasons include unmatched authentication type, unmatched authentication password, and unmatched advertisement interval.
Recommended action	Check the DLDP authentication type, authentication password, and advertisement interval are consistent with peer end.

DLDP_LINK_BIDIRECTIONAL

Message text	DLDP detected a bidirectional link on interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ethernet1/1.
Explanation	DLDP detected a bidirectional link on an interface.
Recommended action	No action is required.

DLDP_LINK_UNIDIRECTIONAL

Message text	DLDP detected a unidirectional link on interface [STRING]. [STRING].
Variable fields	$1: Interface name. $2: Action according to the port shutdown mode: · DLDP automatically blocked the interface. · Please manually shut down the interface.
Severity level	3
Example	DLDP/3/DLDP_LINK_UNIDIRECTIONAL: DLDP detected a unidirectional link on interface Ethernet1/1. DLDP automatically blocked the interface.
Explanation	DLDP detected a unidirectional link on an interface.
Recommended action	Check for incorrect cable connection, cable falloff, or other problems.

DLDP_NEIGHBOR_AGED

Message text	A neighbor on interface [STRING] was deleted because the neighbor was aged. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: MAC address. $3: Port index.
Severity level	5
Example	DLDP/5/DLDP_NEIGHBOR_AGED: A neighbor on interface Ethernet1/1 was deleted because the neighbor was aged. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface deleted an aged neighbor.
Recommended action	No action is required.

DLDP_NEIGHBOR_CONFIRMED

Message text	A neighbor was confirmed on interface [STRING]. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: MAC address. $3: Port index.
Severity level	6
Example	DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ethernet1/1. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface detected a confirmed neighbor.
Recommended action	No action is required.

DLDP_NEIGHBOR_DELETED

Message text	A neighbor on interface [STRING] was deleted because a [STRING] packet arrived. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: Packet type, DISABLE or LINKDOWN. $3: MAC address. $4: Port index.
Severity level	5
Example	DLDP/5/DLDP_NEIGHBOR_DELETED: A neighbor on interface Ethernet1/1 was deleted because a DISABLE packet arrived. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface deleted a confirmed neighbor because it received a DISABLE or LINKDOWN packet.
Recommended action	No action is required.

DLP

This section contains DLP messages.

DLP_ACTION_MAIL

Message text	DLPACT/6/DLP_ACTION_MAIL: DLP send mail to mail server [STRING] failed, please check your network and configuration.
Variable fields	$1: Mail server address.
Severity level	6
Example	DLPACT/6/DLP_ACTION_MAIL: DLP send mail to mail server "smtp.qq.com" failed, please check your network and configuration.
Explanation	Failed to send the email to the mail server.
Recommended action	No action is required.

DNS

This section contains DNS messages.

DNS_SNOOPING_LOG

Message text	UserName=[STRING], UserGroup=[STRING], SrcDeviceType=[STRING], SrcOs=[STRING], SrcMAC=[UINT64], SrcIPAddr=[UINT32], SrcPort=[UINT16], DstIPAddr=[UINT32], DstPort=[UINT16], Domain=[STRING], ResponseContent=[UINT32], Protocol=[UINT16], ReqByteCount=[UINT64], ResByteCount=[UINT64], ReqPktCount=[UINT64], ResPktCount=[UINT64], ResponseCode=[UINT4], ResquestID=[UINT16], ResponseID=[UINT16], ReqType=[UINT16], Direction=[UINT16], ResFirstAnswerTTL=[UINT32].
Variable fields	$1: Username. $2: User group name. $3: Device type. $4: Device operating system. $5: Source MAC address. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Domain name to translate. $11: Returned content. $12: Protocol. $13: Request bytes. $14: Response bytes. $15: Request packets. $16: Response packets. $17: Response code. Options include: · 0—Success. · 1—Invalid format. · 2—Invalid server. · 3—Invalid name. · 4—Type not supported by the domain name server. · 5—Request rejected by the domain name server because of policy configurations. For example, the domain name server does not respond to specific requesters. $18: Request ID. $19: Response ID. $20: Request type. $21: Packet direction. Options include: · 0—Request. · 1—Response. · 2—Bidirectional. $22: First TTL in the Answer field of the response.
Severity level	6
Example	DNS/6/DNS_SNOOPING_LOG: UserName=, UserGroup=, SrcDeviceType=, SrcOs=, SrcMAC=0000-0000-0000, SrcIPAddr=3.3.3.1, SrcPort=9931, DstIPAddr=3.3.3.2, DstPort=53, Domain=tt, ResponseContent=1.1.1.1, Protocol=17, ReqByteCount=20, ResByteCount=36, ReqPktCount=1, ResPktCount=1, ResponseCode=0, ResquestID=44569, ResponseID=44569, ReqType=1, Direction=2, ResFirstAnswerTTL=3600.
Explanation	The device outputs the log message to the fast log output module every 5 seconds or after a DNS session finishes (both request and response are received). Then, the fast log output module reports the message to the log host for other modules to analyze DNS traffic. For the system to output the log message, you must use the dns snooping log enable command to enable DNS snooping. For the log message to be sent to the log host successfully, you must use the customlog host command to configure fast log output parameters, and use the customlog format dns command to enable fast log output for DNS.
Recommended action	No action is required.

DOT1X messages

This section contains 802.1X messages.

DOT1X_LOGIN_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANId=[STRING]-UserName=[STRING] -ErrCode=[STRING]; The user failed the 802.1X authentication. Reason: [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code: ¡ 1—The user went offline. ¡ 2—Port status error. ¡ 3—Client reboot. This code is reserved for future use. ¡ 4—Reauthentication failure. ¡ 5—Deauthorization by the device. ¡ 6—Port went down and then came up again. ¡ 7—The user was logged off because the device and the server were inconsistent in authorization data. ¡ 8—Username or password error or lack of device information on the server. ¡ 9—Online handshake failure (the device has not received any handshake packets from the user). ¡ 10—The user was logged off by the idle cut feature. ¡ 11—The session timeout timer assigned by the server expired. ¡ 12—The server forcibly logged the user off. ¡ 13—Real-time accounting failure. ¡ 14—Other errors. ¡ 15—Offline caused by an interface event. $6: Failure cause: ¡ Authorization Mac-Address process failed. ¡ Authorization VLAN process failed. ¡ Authorization ACL process failed. ¡ Authorization UserProfile process failed.
Severity level	6
Example	DOT1X/6/DOT1X_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0001-0020-VLANId=2-Username=aaa-ErrCode=5; The user failed the 802.1X authentication. Reason: Authorization ACL process failed.
Explanation	The user failed 802.1X authentication.
Recommended action	Resolve the issue depending on the failure cause.

DOT1X_LOGIN_SUCC

Message text	-IfName=[STRING]-MACAddr=[STRING]-AccessVLANId=[STRING]-AuthorizationVLANId=[STRING]-Username=[STRING]; The user passed 802.1X authentication and got online successfully.
Variable fields	$1: Interface type and number. $2: MAC address. $3: ID of the VLAN through which the user accesses the device. $4: Authorization VLAN ID. $5: Username.
Severity level	6
Example	DOT1X/6/DOT1X_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANId=444-AuthorizationVLANId=444-Username=aaa; The user passed 802.1X authentication and got online successfully.
Explanation	The user passed 802.1X authentication.
Recommended action	No action is required.

DOT1X_LOGOFF

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANId=[STRING]-Username=[STRING]-ErrCode=[STRING]; Session of the 802.1X user was terminated.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: Error code: ¡ 1—The user went offline. ¡ 2—Port status error. ¡ 3—Client reboot. This code is reserved for future use. ¡ 4—Reauthentication failure. ¡ 5—Deauthorization by the device. ¡ 6—Port went down and then came up again. ¡ 7—The user was logged off because the device and the server were inconsistent in authorization data. ¡ 8—Username or password error or lack of device information on the server. ¡ 9—Online handshake failure (the device has not received any handshake packets from the user). ¡ 10—The user was logged off by the idle cut feature. ¡ 11—The session timeout timer assigned by the server expired. ¡ 12—The server forcibly logged the user off. ¡ 13—Real-time accounting failure. ¡ 14—Other errors. ¡ 15—Offline caused by an interface event.
Severity level	6
Example	DOT1X/6/DOT1X_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANId=444-Username=aaa-ErrCode=11; Session of the 802.1X user was terminated.
Explanation	The 802.1X user was logged off.
Recommended action	Resolve the issue depending on the logoff cause. If the logoff was requested by the user, no action is required.

DOT1X_NOTENOUGH_EADFREEIP_RES

Message text	Failed to assign a rule for Free IP [IPADDR] on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Free IP. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for Free IP 1.1.1.0 on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit a free IP on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADFREERULE_RES

Message text	Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADPORTREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADMACREDIR_RES

Message text	Failed to issue a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING].
Variable fields	$1: Source MAC address of HTTP packets. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to issue a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2.
Explanation	The device failed to redirect HTTP packet with the designated source MAC on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_ENABLEDOT1X_RES

Message text	Failed to enable 802.1X feature on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X feature on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	Failed to enable 802.1X on an interface because of ACL resource shortage.
Recommended action	Disable 802.1X on the interface, and then re-enable 802.1X.

DOT1X_NOTSUPPORT_EADFREEIP_RES

Message text	Failed to assign a rule for free IP [IPADDR] on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: IP address. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADFREEIP_RES: Failed to assign a rule for free IP 1.1.1.0 on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to permit a free IP on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_NOTSUPPORT_EADFREERULE_RES

Message text	Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to permit DHCP and DNS packets on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_NOTSUPPORT_EADMACREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: Source MAC address of HTTP packets. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets with a specific source MAC address on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_NOTSUPPORT_EADPORTREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_UNICAST_NOT_EFFECTIVE

Message text	The unicast trigger feature is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface Ethernet3/1/2.
Explanation	The unicast trigger setting does not take effect on an interface, because the interface does not support unicast trigger.
Recommended action	1. Reconnect the 802.1X clients to another interface that supports the unicast trigger feature. 2. Enable the unicast trigger feature on the new interface.

DOT1X_WLAN_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; A user failed 802.1X authentication. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP with which the client is associated. $5: ID of the radio with which the client is associated. $6: VLAN ID. $7: Reason that causes the authentication failure: · AAA processed authentication request and returned error code code. The values for code include: ¡ 4—Represents the error of nonexistent authentication domain. ¡ 8—Represents one of the following errors: Configuration error exists in the authentication domain, the preshared key configured on the authentication server is different from the preshared key configured on the device, authentication port 1812 is unavailable, or the authentication server and the device cannot reach each other. ¡ 26—Represents one of the following errors: The username or password is incorrect, the authentication type is incorrect, the device IP address is not added to the authentication server, or the authentication domain is not correctly configured on the service template. · AAA processed authorization request and returned error code code. The value for code is 8, which indicates that the server and the device cannot reach each other. · Received logoff request from the client. · Client timeout timer expired. · Server timeout timer expired. · Received logoff request while authenticating the client. · Received user security information and kicked off the client. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received nonexistent authorization VLAN group. · Client kicked out on expiration of the idle-cut timer because its total traffic had not reached the required minimum amount of traffic. · Had failed to obtain the client IP address before the accounting delay timer expired. · Unknown reason.
Severity level	5
Example	DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11; A user failed 802.1X authentication. Reason: AAA processed authentication request and returned error code 26.
Explanation	The client failed to pass 802.1X authentication for a specific reason.
Recommended action	To resolve the issue: 1. Troubleshoot errors according to the returned failure reason. 2. If the issue persists, contact H3C Support.

DOT1X_WLAN_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; A user passed 802.1X authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP with which the client is associated. $5: ID of the radio with which the client is associated. $6: VLAN ID.
Severity level	6
Example	DOT1X/6/DOT1X_WLAN_LOGIN_SUCC:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11; A user passed 802.1X authentication and came online.
Explanation	The client came online after passing 802.1X authentication.
Recommended action	No action is required.

DOT1X_WLAN_LOGOFF

Message text	Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; Session for an 802.1X user was terminated. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP with which the client is associated. $5: ID of the radio with which the client is associated. $6: VLAN ID. $7: Reason that causes the client logoff. · AAA processed authentication request and returned error code code. Server reason: reason. If the server does not return the failure cause, the Server reason variable is not available. The values for code include: ¡ 4—Represents the error of nonexistent authentication domain. ¡ 8—Represents one of the following errors: Configuration error exists in the authentication domain, the preshared key configured on the authentication server is different from the preshared key configured on the device, authentication port 1812 is unavailable, or the authentication server and the device cannot reach each other. ¡ 26—Represents one of the following errors: The username or password is incorrect, the authentication type is incorrect, the device IP address is not added to the authentication server, or the authentication domain is not correctly configured on the service template. · AAA processed authorization request and returned error code code. Server reason: reason. If the server does not return the failure cause, the Server reason variable is not available. The value for code is 8, which indicates that the server and the device cannot reach each other. · AAA processed accounting-start request and returned error code code. Server reason: reason. If the server does not return the failure cause, the Server reason variable is not available. The value for code is 8, which indicates that the server and the device cannot reach each other. · AAA processed accounting-update request and returned error code code. Server reason: reason. If the server does not return the failure cause, the Server reason variable is not available. The value for code is 8, which indicates that the server and the device cannot reach each other. · Received logoff request from the client. · User timer expired. · Server timer expired. · Received logoff request while authenticating the client. · Received user security information and kicked off the client. · Lost in shaking hands. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received disassociation frame in Run state: reason code=code. · Received deauthentication frame in Run state: reason code=code. · Received disassociation packet in Userauth state. · Received deauthentication packet in Userauth state. · Received client failure message with reason code=code. · Received client offline message with reason code=code. · Unknown reason.
Severity level	6
Example	DOT1X/6/DOT1X_WLAN_LOGOFF:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11; Session for an 802.1X user was terminated. Reason: Received logoff request from the client.
Explanation	The 802.1X authenticated client was logged off for a specific reason.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the logoff cause and remove the issue. If the logoff was requested by the client, no action is required. 2. If the issue persists, contact H3C Support.

EDEV messages

This section contains messages for extended-device management.

EDEV_FAILOVER_GROUP_STATE_CHANGE

Message text	Status of stateful failover group [STRING] with ID [UINT32] changed to [STRING].
Variable fields	$1: Failover group name. $2: Failover group ID. $3: Failover group state.
Severity level	5
Example	EDEV/5/EDEV_FAILOVER_GROUP_STATE_CHANGE: Status of stateful failover group 123 with ID 0 changed to primary.
Explanation	The status of a failover group changed.
Recommended action	No action is required.

EIGRP messages

This section contains EIGRP messages.

RID_CHANGE

Message text	EIGRP [UINT32]: New elected router ID will take effect after EIGRP address family is reset.
Variable fields	$1: EIGRP process ID.
Severity level	5
Example	EIGRP/5/RID_CHANGE: EIGRP 1: New elected router ID will take effect after EIGRP address family is reset.
Explanation	A change of interface IP address causes the change of router ID for the EIGRP router. You must restart the EIGRP IPv4 address family to make the new router ID take effect.
Recommended action	Execute the reset eigrp process command to make the new router ID take effect.

PEER_CHANGE

Message text	EIGRP [UINT32]: Neighbor [STRING] ([STRING]) is [STRING]: [STRING].
Variable fields	$1: EIGRP process ID. $2: IP address of the neighbor router. $3: Interface that is connected to the neighbor router. $4: Neighbor state, Up or Down. $5: Reason for the EIGRP neighbor state change. For information about the neighbor state change reasons, see Table 1.
Severity level	5
Example	EIGRP/5/PEER_CHANGE: EIGRP 2: Neighbor 100.100.10.2 (GigabitEthernet1/0/1) is Up: New neighbor.
Explanation	The EIGRP neighbor state changed for a specific reason.
Recommended action	Take an action according to the neighbor state change reason. For more information, see Table 1.

Table 1 Neighbor state change reasons and recommended actions

Reason	Remarks	Recommended action
New neighbor	N/A	No action is required.
Interface down	N/A	Check the network connectivity.
Reset operation	The reset eigrp process or reset eigrp peer command was executed.	No action is required.
Delete operation	The process or address family was deleted.	No action is required.
Hold timer expired	N/A	Check the network status or check whether the hold timer is appropriate.
Maximum retransmission times reached	N/A	Check the network status.
Inconsistent K values	N/A	Check whether the K values are consistent on both ends.
Neighbor restart	N/A	Check the network status and check whether an operation that affects neighbor relationship has been performed on the neighbor router.
Stuck in active	N/A	Check the network status and CPU usage on the neighbor router.
Peer termination	The neighbor actively terminated the neighbor relationship.	Check whether an operation that affects neighbor relationship has been performed on the neighbor router.
Configuration changed	N/A	Check whether the configuration is correct.
Process switchover	EIGRP process switchover occurred.	No action is required.
Insufficient memory	The memory threshold was reached.	Check system memory and release available memory by adjusting the modules that occupy too much memory.

ERPS messages

This section contains ERPS messages.

ERPS_STATE_CHANGED

Message text	Ethernet ring [UINT16] instance [UINT16] changed state to [STRING]
Variable fields	$1: ERPS ring ID. $2: ERPS instance ID. $3: ERPS instance status.
Severity level	6
Example	ERPS/4/ERPS_STATE_CHANGED: Ethernet ring 1 instance 1 changed state to Idle.
Explanation	The status of the ERPS instance changed.
Recommended action	No action is required.

ETHOAM messages

This section contains Ethernet OAM messages.

ETHOAM_CONNECTION_FAIL_DOWN

Message text	The link is down on interface [string] because a remote failure occurred on peer interface.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_CONNECTION_FAIL_DOWN: The link is down on interface Ethernet1/0/1 because a remote failure occurred on peer interface.
Explanation	The link goes down because a remote failure occurred on the peer interface.
Recommended action	Check the link status or the OAM status on the peer.

ETHOAM_CONNECTION_FAIL_TIMEOUT

Message text	Interface [string] removed the OAM connection because it received no Information OAMPDU before the timer times out.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_CONNECTION_FAIL_TIMEOUT: Interface Ethernet1/0/1 removed the OAM connection because it received no Information OAMPDU before the timer times out.
Explanation	The interface removed the OAM connection because it had not received Information OAMPDUs before the timer timed out.
Recommended action	Check the link status or the OAM status on the peer.

ETHOAM_CONNECTION_FAIL_UNSATISF

Message text	Interface [string] failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface.
Variable fields	$1: Interface name.
Severity level	3
Example	ETHOAM/3/ETHOAM_CONNECTION_FAIL_UNSATISF: Interface Ethernet1/0/1 failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface.
Explanation	Failed to establish an OAM connection because the peer does not match the OAM protocol state of the local interface.
Recommended action	Check the State field of the OAMPDUs sent from both ends.

ETHOAM_CONNECTION_SUCCEED

Message text	An OAM connection is established on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_CONNECTION_SUCCEED: An OAM connection is established on interface Ethernet1/0/1.
Explanation	An OAM connection is established.
Recommended action	No action is required.

ETHOAM_DISABLE

Message text	Ethernet OAM is now disabled on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_DISABLE: Ethernet OAM is now disabled on interface Ethernet1/0/1.
Explanation	Ethernet OAM is disabled.
Recommended action	No action is required.

ETHOAM_DISCOVERY_EXIT

Message text	OAM interface [string] quit the OAM connection.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_DISCOVERY_EXIT: OAM interface Ethernet1/0/1 quit the OAM connection.
Explanation	The local interface ended the OAM connection.
Recommended action	No action is required.

ETHOAM_ENABLE

Message text	Ethernet OAM is now enabled on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENABLE: Ethernet OAM is now enabled on interface Ethernet1/0/1.
Explanation	Ethernet OAM is enabled.
Recommended action	No action is required.

ETHOAM_ENTER_LOOPBACK_CTRLLED

Message text	The local OAM entity enters remote loopback as controlled DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLED: The local OAM entity enters remote loopback as controlled DTE on OAM interface Ethernet1/0/1.
Explanation	The local OAM entity enters remote loopback as controlled DTE after you enable OAM loopback on the peer end.
Recommended action	No action is required.

ETHOAM_ENTER_LOOPBACK_CTRLLING

Message text	The local OAM entity enters remote loopback as controlling DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLING: The local OAM entity enters remote loopback as controlling DTE on OAM interface Ethernet1/0/1.
Explanation	The local OAM entity enters remote loopback as controlling DTE after you enable OAM loopback on the interface.
Recommended action	No action is required.

ETHOAM_LOCAL_DYING_GASP

Message text	A local Dying Gasp event has occurred on [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_DYING_GASP: A local Dying Gasp event occurred on interface Ethernet1/0/1.
Explanation	A local Dying Gasp event occurs when you reboot the local device or shut down the interface.
Recommended action	Do not use the link until it recovers.

ETHOAM_LOCAL_ERROR_FRAME

Message text	An errored frame event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME: An errored frame event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_FRAME_PERIOD

Message text	An errored frame period event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_PERIOD: An errored frame period event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame period event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_FRAME_SECOND

Message text	An errored frame seconds event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_SECOND: An errored frame seconds event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame seconds event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_LINK_FAULT

Message text	A local Link Fault event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_LINK_FAULT: A local Link Fault event occurred on interface Ethernet1/0/1.
Explanation	A local Link Fault event occurred when the local link goes down.
Recommended action	Re-connect the Rx end of the fiber on the local interface.

ETHOAM_LOOPBACK_EXIT

Message text	OAM interface [string] quit remote loopback.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_EXIT: OAM interface Ethernet1/0/1 quit remote loopback.
Explanation	The OAM interface ended remote loopback after one of the following events occurred: · Remote loopback was disabled on the interface before the OAM connection was established. · The established OAM connection was torn down.
Recommended action	No action is required.

ETHOAM_LOOPBACK_EXIT_ERROR_STATU

Message text	OAM interface [string] quit remote loopback due to incorrect multiplexer or parser status.
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOOPBACK_EXIT_ERROR_STATU: OAM interface Ethernet1/0/1 quit remote loopback due to incorrect multiplexer or parser status.
Explanation	OAM interface Ethernet1/0/1 ended remote loopback due to incorrect multiplexer or parser status.
Recommended action	Disable and then re-enable Ethernet OAM on the OAM entity.

ETHOAM_LOOPBACK_NO_RESOURCE

Message text	OAM interface [string] can’t enter remote loopback due to insufficient resources.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_NO_RESOURCE: OAM interface Ethernet1/0/1 can’t enter remote loopback due to insufficient resources.
Explanation	The OAM interface cannot enter remote loopback due to insufficient resources when you execute the oam remote-loopback start command on the local or remote OAM entity.
Recommended action	To enable remote loopback on an interface, you must set the hardware forwarding resources on the interface. Enabling remote loopback on a large number of interfaces might cause insufficient resources. Disable remote loopback on other interfaces, and execute the oam remote-loopback start command on the interface again.

ETHOAM_LOOPBACK_NOT_SUPPORT

Message text	OAM interface [string] can’t enter remote loopback because the operation is not supported.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_NOT_SUPPORT: OAM interface Ethernet1/0/1 can't enter remote loopback because the operation is not supported.
Explanation	The OAM interface cannot enter remote loopback because the operation is not supported on the device.
Recommended action	No action is required.

ETHOAM_QUIT_LOOPBACK_CTRLLED

Message text	The local OAM entity quit remote loopback as controlled DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CTRLLED: The local OAM entity quit remote loopback as controlled DTE on OAM interface Ethernet1/0/1.
Explanation	As the Loopback Control OAMPDUs receiving end, the local end quit remote loopback after you disabled OAM loopback on the peer end.
Recommended action	No action is required.

ETHOAM_QUIT_LOOPBACK_CTRLLING

Message text	The local OAM entity quit remote loopback as controlling DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CONTROLLING: The local OAM entity quit remote loopback as controlling DTE on OAM interface Ethernet1/0/1.
Explanation	The local end quit remote loopback after you disabled OAM loopback on the local interface.
Recommended action	No action is required.

ETHOAM_REMOTE_CRITICAL

Message text	A remote Critical event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_CRITICAL: A remote Critical event occurred on interface Ethernet1/0/1.
Explanation	A remote critical event occurred.
Recommended action	Do not use the link until it recovers.

ETHOAM_REMOTE_DYING_GASP

Message text	A remote Dying Gasp event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_DYING_GASP: A remote Dying Gasp event occurred on interface Ethernet1/0/1.
Explanation	A remote Dying Gasp event occurred when you reboot the remote device and shut down the interface.
Recommended action	Do not use this link until it recovers.

ETHOAM_REMOTE_ERROR_FRAME

Message text	An errored frame event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME: An errored frame event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_FRAME_PERIOD

Message text	An errored frame period event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_PERIOD: An errored frame period event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame period event occurred on the peer interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_FRAME_SECOND

Message text	An errored frame seconds event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_SECOND: An errored frame seconds event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame seconds event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_SYMBOL

Message text	An errored symbol event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_SYMBOL: An errored symbol event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored symbol event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_EXIT

Message text	OAM interface [string] quit OAM connection because Ethernet OAM is disabled on the peer interface.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_REMOTE_EXIT: OAM interface Ethernet1/0/1 quit OAM connection because Ethernet OAM is disabled on the peer interface.
Explanation	The local interface ended the OAM connection because Ethernet OAM was disabled on the peer interface.
Recommended action	No action is required.

ETHOAM_REMOTE_FAILURE_RECOVER

Message text	Peer interface [string] recovered.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_REMOTE_FAILURE_RECOVER: Peer interface Ethernet1/0/1 recovered.
Explanation	The Link fault was cleared from the peer interface and the OAM connection was restored.
Recommended action	No action is required.

ETHOAM_REMOTE_LINK_FAULT

Message text	A remote Link Fault event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_LINK_FAULT: A remote Link Fault event occurred on interface Ethernet1/0/1.
Explanation	A remote Link Fault event occurred when the remote link went down.
Recommended action	Reconnect the Rx end of the fiber on the remote interface.

ETHOAM_NO_ENOUGH_RESOURCE

Message text	The configuration failed on OAM interface [string] because of insufficient resources.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_NO_ENOUGH_RESOURCE: The configuration failed on OAM interface Ethernet1/0/1 because of insufficient resources.
Explanation	The configuration failed on the OAM interface because of insufficient system resources.
Recommended action	Remove useless configurations to release the resources, and execute the command again.

ETHOAM_NOT_CONNECTION_TIMEOUT

Message text	Interface [string] quit Ethernet OAM because it received no Information OAMPDU before the timer times out.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_NOT_CONNECTION_TIMEOUT: Interface Ethernet1/0/1 quit Ethernet OAM because it received no Information OAMPDU before the timer times out.
Explanation	The local interface ended Ethernet OAM because it had not received Information OAMPDUs before the timer timed out.
Recommended action	Check the link status and the OAM status on the peer.

EVB messages

This section contains EVB messages.

EVB_AGG_FAILED

Message text	Remove port [STRING] from aggregation group [STRING]. Otherwise, the EVB feature does not take effect.
Variable fields	$1: Port name. $2: Aggregation port name.
Severity level	6
Example	EVB/6/EVB_AGG_FAILED: Remove port GigabitEthernet5/0/5 from aggregation group Bridge-Aggregation5. Otherwise, the EVB feature does not take effect.
Explanation	EVB bridge fails to process a port in an aggregation group.
Recommended action	Remove the port from the aggregation group.

EVB_LICENSE_EXPIRE

Message text	The EVB feature's license will expire in [UINT32] days.
Variable fields	$1: Number of days.
Severity level	6
Example	EVB/6/EVB_LICENSE_EXPIRE: The EVB feature's license will expire in 15 days.
Explanation	The license for EVB will expire in the specified number of days.
Recommended action	Purchase and register a new license for the EVB feature.

EVB_VSI_OFFLINE

Message text	VSI [STRING] went offline.
Variable fields	$1: VSI interface/VSI aggregate interface name.
Severity level	6
Example	EVB/6/EVB_VSI_OFFLINE: VSI Schannel-Aggregation1:2.0 went offline.
Explanation	The VSI interface or VSI aggregate interface is deleted when either of the following events occurs: · The EVB bridge receives a VDP packet from the EVB station. · The EVB bridge has not received an acknowledgement after a VDP packet times out.
Recommended action	No action is required.

EVB_VSI_ONLINE

Message text	VSI [STRING] came online, status is [STRING].
Variable fields	$1: VSI interface/VSI aggregate interface name. $2: VSI status.
Severity level	6
Example	EVB/6/EVB_VSI_ONLINE: VSI Schannel-Aggregation1:2.0 came online, status is association.
Explanation	The EVB bridge receives a VDP packet and creates a VSI interface or VSI aggregate interface successfully.
Recommended action	No action is required.

EVIISIS messages

This section contains EVI IS-IS messages.

EVIISIS_LICENSE

Message text	The EVIISIS feature has [STRING] license.
Variable fields	$1: License state: ¡ available—A valid license was found. ¡ no available—The current license became invalid, or no valid license was found.
Severity level	5
Example	EVIISIS/5/EVIISIS_LICENSE: The EVIISIS feature has available license.
Explanation	This message is generated when EVI IS-IS license status changes. For example, an EVI IS-IS license is installed or becomes invalid.
Recommended action	Install a valid EVI IS-IS license if the current EVI IS-IS license is invalid or no license is available.

EVIISIS_NBR_CHG

Message text	EVIISIS [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to: [STRING].
Variable fields	$1: EVI IS-IS process ID. $2: EVI IS-IS neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Adjacency state: ¡ up—Adjacency was set up. ¡ initializing—Neighbor state was initializing. ¡ down—Adjacency was lost.
Severity level	5
Example	EVIISIS/5/EVIISIS_NBR_CHG: EVIISIS 1, Level-1 adjacency 0011.2200.1501 (Evi-Link0), state changed to: down.
Explanation	The EVI IS-IS adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes to down or initializing on an interface, check for EVI IS-IS configuration errors or loss of network connectivity.

FCLINK messages

This section contains FC link messages.

FCLINK_FDISC_REJECT_NORESOURCE

Message text	VSAN [UINT16], Interface [STRING]: An FDISC was rejected because the hardware resource is not enough.
Variable fields	$1: VSAN ID. $2: Interface name.
Severity level	4
Example	FCLINK/4/FCLINK_FDISC_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FDISC was rejected because the hardware resource is not enough.
Explanation	An FDISC is received when the hardware resources are insufficient.
Recommended action	Reduce the number of nodes.

FCLINK_FLOGI_REJECT_NORESOURCE

Message text	VSAN [UINT16], Interface [STRING]: An FLOGI was rejected because the hardware resource is not enough.
Variable fields	$1: VSAN ID. $2: Interface name.
Severity level	4
Example	FCLINK/4/FCLINK_FLOGI_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FLOGI was rejected because the hardware resource is not enough.
Explanation	An FLOGI is received when the hardware resources are insufficient.
Recommended action	Reduce the number of nodes.

FCOE messages

This section contains FCoE messages.

FCOE_INTERFACE_NOTSUPPORT_FCOE

Message text	Because the aggregate interface [STRING] has been bound to a VFC interface, assigning the interface [STRING] that does not support FCoE to the aggregate interface might cause incorrect processing.
Variable fields	$1: Aggregate interface name. $2: Ethernet interface name.
Severity level	4
Example	FCOE/4/FCOE_INTERFACE_NOTSUPPORT_FCOE: Because the aggregate interface Bridge-Aggregation 1 has been bound to a VFC interface, assigning the interface Ten-GigabitEthernet 2/0/1 that does not support FCoE to the aggregate interface might cause incorrect processing.
Explanation	This message is generated when an interface that does not support FCoE is assigned to an aggregate interface that has been bound to a VFC interface.
Recommended action	Assign an interface that supports FCoE to the aggregate interface, or remove the binding from the VFC interface.

FCZONE messages

This section contains FC zone messages.

FCZONE_HARDZONE_DISABLED

Message text	-VSAN=[UINT16]: No enough hardware resource for zone rule, switched to soft zoning.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_HARDZONE_DISABLED: -VSAN=2: No enough hardware resource for zone rule, switched to soft zoning.
Explanation	Insufficient hardware resources.
Recommended action	Activate a smaller zone set.

FCZONE_HARDZONE_ENABLED

Message text	-VSAN=[UINT16]: Hardware resource for zone rule is restored, switched to hard zoning.
Variable fields	$1: VSAN ID.
Severity level	6
Example	FCZONE/6/FCZONE_HARDZONE_ENABLED: -VSAN=2: Hardware resource for zone rule is restored, switched to hard zoning.
Explanation	Hard zoning is enabled in a VSAN because the hardware resources are restored.
Recommended action	No action is required.

FCZONE_ISOLATE_NEIGHBOR

Message text	-VSAN=[UINT16]; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is [STRING].
Variable fields	$1: VSAN ID. $2: Neighbor's switch WWN.
Severity level	4
Example	FCZONE/4/FCZONE_ISOLATE_NEIGHBOR: -VSAN=2; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is 10:00:00:11:22:00:0d:01.
Explanation	All E_Ports connected to a neighbor were isolated because a merge operation with the neighbor failed.
Recommended action	To resolve the problem: 1. Use the display current-configuration command on the local switch and the neighbor switch to view their zoning configurations. 2. Modify those noncompliant configurations on both switches to be compliant with merge rules. 3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.

FCZONE_ISOLATE_ALLNEIGHBOR

Message text	-VSAN=[UINT16]; The E ports connected to all neighbors were isolated, because the length of the locally generated MR packet exceeded the limit.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_ISOLATE_ALLNEIGHBOR: -VSAN=2; The E ports connected to all neighbors were isolated, because the length of the locally generated MR packet exceeded the limit.
Explanation	E_Ports connected to all neighbors were isolated because the length of the locally generated MR packet exceeded the limit.
Recommended action	To resolve the problem: 1. Use the display current-configuration command on the local switch to view the zoning configuration. 2. Delete unnecessary zoning configuration of the active zone set. 3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. Or 4. Activate a smaller zone set. 5. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.

FCZONE_ISOLATE_CLEAR_VSAN

Message text	-Interface=[STRING]-VSAN=[UINT16]; Isolation status was cleared.
Variable fields	$1: Interface name. $2: VSAN ID.
Severity level	6
Example	FCZONE/6/FCZONE_ISOLATE_CLEAR_VSAN: -Interface=Fc0/2/7-VSAN=2; Isolation status was cleared.
Explanation	The isolation status of an interface was cleared in a VSAN.
Recommended action	No action is required.

FCZONE_ISOLATE_CLEAR_ALLVSAN

Message text	-Interface=[STRING]; Isolation status was cleared in all supported VSANs.
Variable fields	$1: Interface name.
Severity level	6
Example	FCZONE/6/FCZONE_ISOLATE_CLEAR_ALLVSAN: -Interface=Fc0/2/7; Isolation status was cleared in all supported VSANs.
Explanation	The isolation status of an interface was cleared in all supported VSANs.
Recommended action	No action is required.

FCZONE_DISTRIBUTE_FAILED

Message text	-VSAN=[UINT16]; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_DISTRIBUTE_FAILED: -VSAN=2; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric.
Explanation	A distribution operation failed. Consequently, the zoning configurations might be inconsistent across the fabric.
Recommended action	To resolve the problem if the distribution operation is triggered by using the zoneset activate command: 1. Verify that the contents of the active zone set are consistent on all switches by using the display current-configuration command. 2. Reactivate the zone set and distribute it to the entire fabric by using the zoneset activate command. To resolve the problem if the distribution operation is triggered by using the zoneset distribute command: 3. Verify that the contents of the active zone set and zone database are consistent on all switches by using the display current-configuration command. 4. Trigger a new complete distribution by using the zoneset distribute command. To resolve the problem if the distribution operation is triggered by a zoning mode switchover: 5. Verify that the zoning mode is the same on all switches by using the display zone status command. 6. Trigger a new complete distribution by using the zoneset distribute command.

File filtering messages

This section contains file filtering syslog and fast log messages.

FFILTER_IPV4_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];Filetype(1096)=[STRING];FileName(1097)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Identity username. $13: Action applied to on the packet. Available actions are: ¡ Permit. ¡ Drop. $14: File type. $15: File name.
Severity level	6
Example	FFILTER/6/FFILTER_IPV4_LOG:-MDC=1;Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPAddr(1003)=21.22.23.20;SrcPort(1004)=51396;DstIPAddr(1007)=25.26.27.20;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=abc;Action(1053)=drop;Filetype(1096)=txt;FileName(1097)=abc.txt;
Explanation	An IPv4 packet matched a file filtering rule.
Recommended action	No action is required.

FFILTER_IPV6_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)=[STRING];UserName(1113)=[STRING];action(1053)=[STRING];Filetype(1096)=[STRING];FileName(1097)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Identity username. $13: Action applied to on the packet. Available actions are: ¡ Permit. ¡ Drop. $14: File type. $15: File name.
Severity level	6
Example	FFILTER/6/FFILTER_IPV6_LOG:-MDC=1;Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=aaa;Action(1053)=drop;Filetype(1096)=txt;FileName(1097)=abc.txt;
Explanation	An IPv6 packet matched a file filtering rule.
Recommended action	No action is required.

FILTER messages

This section contains filter messages.

FILTER_EXECUTION_ICMP

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];IcmpType(1062)=[STRING]([UINT16]);IcmpCode(1063)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IP address. $8: Destination IP address. $9: ICMP message type. $10: ICMP message code. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1062)=Echo(8);IcmpCode(1063)=0;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_EXECUTION_ICMPV6

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];Icmpv6Type(1064)=[STRING]([UINT16]);Icmpv6Code(1065)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Destination IPv6 address. $9: ICMPv6 message type. $10: ICMPv6 message code. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1062)=Echo(8);IcmpCode(1063)=0;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_IPV4_EXECUTION

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port. $10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	Packets other than ICMP packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_IPV6_EXECUTION

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	Packets other than ICMPv6 packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV4_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port number. $10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched an object policy. This message is sent when the first packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV4_EXECUTION

Message text	SrcZoneName(1025)=zone1;DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port number. $10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV4_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];SrcMacAddr(1021)=[STRING];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port number. $10: Source MAC address. $11: Destination IP address. $12: Destination port number. $13: Match count. $14: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;SecurityPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;SrcMacAddr(1021)=000f-e267-76eb;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the security policy. This message is sent when the first packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV6_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV6_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched an object policy. This message is sent when the first packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV6_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV6_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV6_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV6_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the security policy. This message is sent when the first packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMP

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Source IP address. $8: Source port number. $9: Destination IP address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMP: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMP packets matched an object policy. This message is sent when the first ICMP packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMP

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IP address. $8: Source port number. $9: Destination IP address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMP: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMP

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];SrcMacAddr(1021)=[STRING];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Source IP address. $8: Source port number. $9: Source MAC address. 10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMP: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;SecurityPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;SrcMacAddr(1021)=dc4a-3e7d-91b1;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMP packets matched the security policy. This message is sent when the first ICMP packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMPV6

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Source port number. $9: Destination IPv6 address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMPV6: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026; MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMPv6 packets matched an object policy. This message is sent when the first ICMPv6 packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMPV6

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Source port number. $9: Destination IPv6 address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMPV6: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026; MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMPV6

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Source port number. $9: Destination IPv6 address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMPV6: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;SecurityPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026; MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMPv6 packets matched the security policy. This message is sent when the first ICMPv6 packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FIPSNG messages

This section contains FIP snooping messages.

FIPSNG_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for FIP snooping rule.
Variable fields	N/A
Severity level	4
Example	FIPSNG/4/FIPSNG_HARD_RESOURCE_NOENOUGH: No enough hardware resource for FIP snooping rule.
Explanation	Hardware resources are insufficient.
Recommended action	No action is required.

FIPSNG_HARD_RESOURCE_RESTORE

Message text	Hardware resource for FIP snooping rule is restored.
Variable fields	N/A
Severity level	6
Example	FIPSNG/6/FIPSNG_HARD_RESOURCE_RESTORE: Hardware resource for FIP snooping is restored.
Explanation	Hardware resources for FIP snooping rules are restored.
Recommended action	No action is required.

FS messages

This section contains file system messages.

FS_UNFORMATTED_PARTITION

Message text	Partition [%s] is not formatted yet. Please format the partition first.
Variable fields	$1: Partition name.
Severity level	4
Example	FS/4/FS_UNFORMATED_PARTITION: Partition usba0: is not formatted yet. Please format the partition first.
Explanation	The partition is not formatted. You must format a partition before you can perform other operations on the partition.
Recommended action	Format the specified partition.

FTP messages

This section contains File Transfer Protocol messages.

FTP_ACL_DENY

Message text	The FTP Connection request from [IPADDR]([STRING]) was denied by ACL rule (rule ID=[INT32])
Variable fields	$1: IP address of the FTP client. $2: VPN instance to which the FTP client belongs. $3: ID of the rule that denied the FTP client. If an FTP client does not match created ACL rules, the device denies the client based on the default ACL rule.
Severity level	5
Example	FTP/5/FTP_ACL_DENY: The FTP connection request from 181.1.1.10 was denied by ACL rule (rule ID=20). FTP/5/FTP_ACL_DENY: The FTP connection request from 181.1.1.10 was denied by ACL rule (default rule).
Explanation	FTP access control ACLs control which FTP clients can access the FTP service on the device. The device sends this log message when it denies an FTP client.
Recommended action	No action is required.

FTP_REACH_SESSION_LIMIT

Message text	FTP client $1 failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device.
Severity level	6
Example	FTP/6/FTP_REACH_SESSION_LIMIT: FTP client 1.1.1.1 failed to log in. The current number of FTP sessions is 10. The maximum number allowed (10).
Explanation	The number of FTP connections reached the limit.
Recommended action	7. Use the display current-configuration \| include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 8. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

GLB messages

This section contains GLB messages.

GLB_SYNCGROUP_CMD_DENY

Message text	Configuration deployment is not allowed because of configuration conflicts on default synchronization group member devices. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Variable fields	None
Severity level	5
Example	H3C GLB/5/GLB_SYNCGROUP_CMD_DENY: Configuration deployment is not allowed because of configuration conflicts on default synchronization group member devices. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Explanation	Configuration deployment is not allowed because of configuration conflicts on default synchronization group members.
Recommended action	Execute the loadbalance default-syncgroup sync config command on any of the default synchronization group members.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to configuration changes.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT: The default synchronization group member site1 disconnected from site2 due to configuration changes.
Explanation	A connection between default synchronization group members disconnected due to configuration changes.
Recommended action	Check whether member communication capability is enabled and check the IP address and other settings.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to timeout.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to timeout.
Explanation	A connection between default synchronization group members disconnected due to timeout.
Recommended action	Check the member configuration and network connectivity (whether the peer IP address can be successfully pinged).

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to a disconnect message.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to a disconnect message.
Explanation	A connection between default synchronization group members disconnected due to a disconnect message.
Recommended action	Check the configuration on the remote member if the connection cannot be re-established.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to receiving an EPOLLHUP/EPOLLERR signal.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to receiving an EPOLLHUP/EPOLLERR signal.
Explanation	A connection between default synchronization group members disconnected due to receiving an EPOLLHUP/EPOLLERR signal.
Recommended action	Check the network connectivity if the connection cannot be automatically re-established.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to disconnection of the TCP connection by the peer.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to disconnection of the TCP connection by the peer.
Explanation	A connection between default synchronization group members disconnected because the remote member closed the connection.
Recommended action	Check whether the IP address configuration is the same on the two ends.

GLB_SYNCGROUP_MEM_CONNECT

Message text	The default synchronization group member [STRING] connected to [STRING] successfully.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_CONNECT: The default synchronization group member %s connected to %s successfully.
Explanation	Two default synchronization group members established a connection..
Recommended action	No action is required.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] failed to connect to [STRING] due to different member names.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT: The default synchronization group member %s failed to connect to %s due to different member names.
Explanation	Two default synchronization group members failed to establish a connection due to different member names.
Recommended action	Modify one member name to be the same as another member name..

GLB_SYNCGROUP_MEM_DOMAINCONFLICT

Message text	Failed to configure the domain name ([STRING]), because it had been used by the remote end.
Variable fields	$1: Default synchronization group member name.
Severity level	5
Example	H3C GLB/5/GLB_SYNCGROUP_MEM_DOMAINCONFLICT: Failed to configure the domain name (site1), because it had been used by the remote end.
Explanation	This message is generated when the domain name has been used by the remote end.
Recommended action	Configure an unused domain name.

GLB_SYNCGROUP_SYNC_CONFLICT

Message text	Inconsistent ([STRING]) configuration exists on the default synchronization group member devices during connection establishment. Please choose one device to execute the command: loadbalance default-syncgroup sync config. The value some indicates that the remote end detects inconsistent configurations.
Variable fields	$1: Inconsistent object: ¡ data-center. ¡ global-dns-map. ¡ global-isp. ¡ global-proximity. ¡ global-region. ¡ global-reverse-zone. ¡ global-topology. ¡ global-vsp. ¡ global-zone. ¡ some—The remote end detects inconsistent configurations.
Severity level	5
Example	H3C GLB/5/GLB_SYNCGROUP_SYNC_CONFLICT: Inconsistent configuration exists on the default synchronization group member devices during connection establishment. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Explanation	Inconsistent configuration exists on the default synchronization group member devices during connection establishment.
Recommended action	Execute the loadbalance default-syncgroup sync config command on any of the default synchronization group members.

gRPC

This section contains gRPC messages.

GRPC_DIALIN_CLI

Message text	Processed a CLI operation request from user [STRING] at [STRING]: Session ID=[INT32], Result=[STRING], Error code=[STRING], Used time=[STRING].
Variable fields	$1: Username of a user. $2: IP address and port number of a gRPC client. $3: gRPC session ID. $4: RPC operation result: ¡ Succeeded. ¡ Failed. $5: Error code. This field displays OK if the operation succeeded. $6: Time used, in seconds.
Severity level	6
Example	GRPC/6/GRPC_DIALIN_CLI: Processed a CLI operation request from user test at ipv4:192.168.100.20:50051: Session ID=1, Result=Succeeded, Error code=OK, Used time=0.02s.
Explanation	The device processed a CLI operation requested by a gRPC client.
Recommended action	· If error code OK was returned, no action is required. · If an error code other than OK was returned, contact H3C Support.

GRPC_DIALIN_GET

Message text	Processed a GET operation request from user [STRING] at [STRING]: Session ID=[INT32], Path=[STRING]/[STRING], Result=[STRING], Used time=[STRING].
Variable fields	$1: Username of a user. $2: IP address and port number of a gRPC client. $3: gRPC session ID. $4: Module name in an Xpath path. $5: Table name in the Xpath path. $6: RPC operation result: ¡ Succeeded. ¡ Failed. $6: Time used, in seconds.
Severity level	6
Example	GRPC/6/GRPC_DIALIN_GET: Processed a GET operation request from user test at ipv4:192.168.100.20:50051: Session ID=1, Table=ACL/ACLBase, Result=Succeeded, Used time=0.02s.
Explanation	The device processed a Get operation requested by a gRPC client.
Recommended action	No action is required.

GRPC_DIALOUT_EVENT

Message text	Pushed event-triggered data to a collector: Collector IP=[STRING], Port=[STRING], VPN instance=[STRING], Source interface=[STRING], Sensor path=[STRING].
Variable fields	$1: IP address of a collector in a destination group. $2: Listening port of the collector. $3: VPN instance to which the collector belongs. This field displays N/A if the collector belongs to the public network. $4: Source interface for packets sent to the collector. $5: Name of a sensor path.
Severity level	6
Example	GRPC/6/GRPC_DIALOUT_EVENT: Pushed event-triggered data to a collector: Collector IP=192.168.100.20, Port=50050, VPN instance=N/A, Source interface=loopback0, Sensor path=ifmgr/interfaceevent.
Explanation	The device pushed data collected by event-triggered sampling to a collector.
Recommended action	No action is required.

GRPC_DIALOUT_SAMPLE

Message text	Pushed periodic data to a collector: Collector IP=[STRING], Port=[STRING], VPN instance=[STRING], Source interface=[STRING], Sensor path=[STRING].
Variable fields	$1: IP address of a collector in a destination group. $2: Listening port of the collector. $3: VPN instance to which the collector belongs. This field displays N/A if the collector belongs to the public network. $4: Source interface for packets sent to the collector. $5: Name of a sensor path.
Severity level	6
Example	GRPC/6/GRPC_DIALOUT_SAMPLE: Pushed periodic data to a collector: Collector IP=192.168.100.20, Port=50050, VPN instance=N/A, Source interface=loopback0, Sensor path=acl/aclbase.
Explanation	The device pushed data collected by periodic sampling to a gRPC client.
Recommended action	No action is required.

GRPC_ENABLE_WITHOUT_TLS

Message text	PKI domain [STRING] isn't associated with a valid local certificate. The gRPC process will start without the PKI domain.
Variable fields	$1: PKI domain name.
Severity level	4
Example	GRPC/4/GRPC_ENABLE_WITHOUT_TLS: PKI domain xxx isn't associated with a valid local certificate. The gRPC process will start without the PKI domain.
Explanation	The PKI domain did not have a valid local certificate, and gRPC started without using the PKI domain for secure communications between the device and collectors.
Recommended action	To use the PKI domain for secure communication with collectors, perform the following tasks: 1. Verify that the PKI domain exists and has a valid local certificate. 2. Execute the following commands in sequence: ¡ undo grpc enable ¡ grpc pki domain ¡ grpc enable

HA messages

This section contains HA messages.

HA_BATCHBACKUP_FINISHED

Message text	Batch backup of standby board in [STRING] has finished.
Variable fields	$1: Chassis number and slot number or slot number. This field also displays the CPU number if multiple CPUs are available on a slot.
Severity level	5
Example	HA/5/HA_BATCHBACKUP_FINISHED: Batch backup of standby board in slot 1 has finished.
Explanation	Batch backup from the active MPU or CPU to the standby MPU or CPU has finished.
Recommended action	No action is required.

HA_BATCHBACKUP_STARTED

Message text	Batch backup of standby board in [STRING] started.
Variable fields	$1: Chassis number and slot number or slot number. This field also displays the CPU number if multiple CPUs are available on a slot.
Severity level	5
Example	HA/5/HA_BATCHBACKUP_STARTED: Batch backup of standby board in slot 1 started.
Explanation	Batch backup from the active MPU or CPU to the standby MPU or CPU has started.
Recommended action	No action is required.

HA_STANDBY_NOT_READY

Message text	Standby board in [STRING] is not ready, reboot ...
Variable fields	$1: Chassis number and slot number or slot number. This field also displays the CPU number if multiple CPUs are available on a slot.
Severity level	4
Example	HA/4/HA_STANDBY_NOT_READY: Standby board in slot 1 is not ready, reboot ...
Explanation	This message appears on the standby MPU or CPU. When batch backup is not complete on the standby MPU or CPU, performing active and standby MPU switchover results in restart of the active and standby MPUs or CPUs.
Recommended action	Do not perform active and standby MPU switchover before batch backup is complete on the standby MPU.

HA_STANDBY_TO_MASTER

Message text	Standby board in [STRING] changed to the master.
Variable fields	$1: Chassis number and slot number or slot number. This field also displays the CPU number if multiple CPUs are available on a slot.
Severity level	5
Example	HA/5/HA_STANDBY_TO_MASTER: Standby board in slot 1 changed to the master.
Explanation	An active and standby MPU switchover occurs. The standby MPU CPU changed to active.
Recommended action	No action is required.

HLTH messages

This section contains health monitoring messages.

LIPC_COMM_FAULTY

Message text	LIPC [STRING] between [STRING] and [STRING] might be faulty.
Variable fields	$1: LIPC communication type. Options include: ¡ unicast—Unicast communication. ¡ broadcast —Broadcast communication. ¡ topo—Topology communication. $2: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs. $3: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs.
Severity level	4
Example	HLTH/4/LIPC_COMM_FAULTY: LIPC unicast between slot 1 and slot 2 might be faulty.
Explanation	An LIPC communication exception occurred.
Recommended action	Execute the display system health command to identify system health status. If the issue persists after 30 minutes, contact H3C Support.

LIPC_COMM_RECOVER

Message text	LIPC [STRING] between [STRING] and [STRING] recovered.
Variable fields	$1: LIPC communication type. Options include: ¡ unicast—Unicast communication. ¡ broadcast—Broadcast communication. ¡ topo—Topology communication. $2: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs. $3: Chassis number and slot number and CPU number, or slot number and CPU number. A CPU number is present only if the slot supports multiple CPUs.
Severity level	6
Example	HLTH/6/LIPC_COMM_NORMAL: LIPC unicast between slot 1 and slot 2 recovered.
Explanation	The LIPC communication recovered.
Recommended action	No action is required.

HQOS messages

This section contains HQoS messages.

HQOS_DP_SET_FAIL

Message text	Failed to set drop profile [STRING] globally.
Variable fields	$1: Drop profile name.
Severity level	4
Example	HQOS/4/HQOS_DP_SET_FAIL: Failed to set drop profile b globally.
Explanation	The system failed to perform one of the following actions: · Apply a drop profile globally. · Modify a drop profile applied globally.
Recommended action	Check the drop profile settings.

HQOS_FP_SET_FAIL

Message text	Failed to set [STRING] in forwarding profile [STRING] globally.
Variable fields	$1: Policy type: · gts. · bandwidth. · queue. · drop profile. $2: Forwarding profile name.
Severity level	4
Example	HQOS/4/HQOS_FP_SET_FAIL: Failed to set gts in forwarding profile b globally.
Explanation	The system failed to perform one of the following actions: · Apply a forwarding profile globally. · Modify a forwarding profile applied globally.
Recommended action	Examine the forwarding profile, and make sure it is supported and has no conflicted contents.

HQOS_POLICY_APPLY_FAIL

Message text	Failed to apply some forwarding classes or forwarding groups in scheduler policy [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name.
Severity level	4
Example	HQOS/4/HQOS_POLICY_APPLY_FAIL: Failed to apply some forwarding classes or forwarding groups in scheduler policy b to the inbound direction of interface Ethernet3/1/2.
Explanation	The system failed to perform one of the following actions: · Apply a scheduler policy to a specific direction of an interface. · Modify a scheduler policy applied to a specific direction of an interface.
Recommended action	Use the display qos scheduler-policy diagnosis interface command to identify the nodes that failed to be applied and the failure causes, and modify the running configuration.

HQOS_POLICY_APPLY_FAIL

Message text	Failed to recover scheduler policy [STRING] to the [STRING] direction of interface [STRING] due to [STRING].
Variable fields	$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. $4: Cause.
Severity level	4
Example	HQOS/4/HQOS_POLICY_RECOVER_FAIL: Failed to recover scheduler policy b to the outbound direction of interface Ethernet3/1/2 due to conflicting with QoS configuration.
Explanation	The system failed to recover an applied scheduler policy after the card or device rebooted, because the scheduler policy conflicted with the QoS configuration on the interface.
Recommended action	Check the scheduler policy configuration according to the failure cause.

HTTPD messages

This section contains HTTP daemon messages.

HTTPD_CONNECT

Message text	[STRING] client [STRING] connected to the server successfully.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.
Explanation	The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up.
Recommended action	No action is required.

HTTPD_CONNECT_TIMEOUT

Message text	[STRING] client [STRING] connection idle timeout.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout.
Explanation	An HTTP or HTTPS connection was disconnected because the idle timeout timer expires.
Recommended action	No action is required.

HTTPD_DISCONNECT

Message text	[STRING] client [STRING] disconnected from the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server.
Explanation	An HTTP or HTTPS client was disconnected from the server.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACL

Message text	[STRING] client [STRING] failed the ACL check and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 192.168.30.117 failed the ACL check and cannot connect to the server.
Explanation	An HTTP or HTTPS client was filtered by the ACL.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACP

Message text	[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server.
Explanation	An HTTP or HTTPS client was denied by the certificate access control policy.
Recommended action	No action is required.

HTTPD_REACH_CONNECT_LIMIT

Message text	[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit.
Explanation	The number of connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting. 2. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

Identity messages

This section contains user identification messages.

IDENTITY_AUTO_IMPORT_FINISHED

Message text	Finished importing identity user accounts and groups automatically.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_AUTO_IMPORT_FINISHED: Finished importing identity user accounts and groups automatically.
Explanation	The system finished importing identity user accounts and groups automatically.
Recommended action	No action is required.

IDENTITY_AUTO_IMPORT_START

Message text	Started to import identity user accounts and groups automatically.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_AUTO_IMPORT_START: Started to import identity user accounts and groups automatically.
Explanation	The system automatically started to import identity user accounts and groups.
Recommended action	No action is required.

IDENTITY_CSV_IMPORT_FAILED

Message text	Failed to import identity user [STRING] to domain [STRING] from the .csv file.
Variable fields	$1: Identity username. $2: Identity domain name.
Severity level	5
Example	IDENTITY/5/IDENTITY_CSV_IMPORT_FAILED: Failed to import identity user network-us?er1 to domain system-domain from the .csv file.
Explanation	Failed to import an identity user account from a .csv file and stopped importing remaining identity user accounts.
Recommended action	1. Make sure no identity user account with the same name exists on the device. 2. Make sure the identity domain name or the identity username does not contain invalid characters.

IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY

Message text	Failed to obtain data from IMC. Reason: Not enough memory.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from IMC. Reason: Not enough memory.
Explanation	Failed to import identity user accounts and online identity user information from the IMC server because of insufficient memory.
Recommended action	No action is required.

IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY

Message text	Failed to obtain data from the LDAP server specified in scheme [STRING]. Reason: Not enough memory.
Variable fields	$1: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from the LDAP server specified in scheme test. Reason: Not enough memory.
Explanation	Failed to import identity users and identity groups from an LDAP server because of insufficient memory.
Recommended action	No action is required.

IDENTITY_LDAP_IMPORT_GROUP_FAILED

Message text	Failed to import identity group [STRING] to domain [STRING] from the LDAP server specified in scheme [STRING].
Variable fields	$1: Identity group name. $2: Identity domain name. $3: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_GROUP_FAILED: Failed to import identity group group-na?me1 to domain system-domain from the LDAP server specified in scheme ldap-scheme1.
Explanation	Failed to import an identity group from the LDAP server specified in an LDAP scheme.
Recommended action	1. Make sure no identity group with the same group name exists on the device. 2. Make sure the identity domain name or the identity group name does not contain invalid characters.

IDENTITY_LDAP_IMPORT_USER_FAILED

Message text	Failed to import identity user [STRING] to domain [STRING] from the LDAP server specified in scheme [STRING].
Variable fields	$1: Identity username. $2: Identity domain name. $3: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_USER_FAILED: Failed to import identity user user-na?me1 to domain system-domain from the LDAP server specified in scheme ldap-scheme1.
Explanation	Failed to import an identity user from the LDAP server specified in an LDAP scheme.
Recommended action	1. Make sure no identity user with the same name exists on the device. 2. Make sure the identity domain name or the identity username does not contain invalid characters.

IFNET messages

This section contains interface management messages.

IF_JUMBOFRAME_WARN

Message text	The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING].
Variable fields	$1: Aggregate interface name. $2: Member port name.
Severity level	3
Example	IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1.
Explanation	Some member ports do not support the jumbo frame size configured on the aggregate interface.
Recommended action	1. Identity the value range for the jumbo frame size supported on member ports. 2. Specify a jumbo frame size supported by member ports for the aggregate interface.

IFMGR_SPEED_CHANGE

Message text	The speed of interface [STRING] has changed to [STRING].
Variable fields	$1: Aggregate interface name. $2: Speed after change.
Severity level	6
Example	IFNET/6/IFMGR_SPEED_CHANGE: The speed of interface Route-Aggregation6 has changed to 1Gbps.
Explanation	The speed of an aggregate interface changed.
Recommended action	No action is required.

INTERFACE_NOTSUPPRESSED

Message text	Interface [STRING] is not suppressed.
Variable fields	$1: Interface name.
Severity level	6
Example	IFNET/6/INTERFACE_NOTSUPPRESSED: Interface GigabitEthernet1/0/1 is not suppressed.
Explanation	The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface.
Recommended action	No action is required.

INTERFACE_SUPPRESSED

Message text	Interface [STRING] was suppressed.
Variable fields	$1: Interface name.
Severity level	5
Example	IFNET/5/INTERFACE_SUPPRESSED: Interface GigabitEthernet1/0/1 was suppressed.
Explanation	The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface.
Recommended action	1. Check whether the network cable of the interface or peer interface is frequently plugged and unplugged. 2. Configure physical state change suppression to adjust the suppression parameters.

LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: State of link layer protocol, which can be up or down.
Severity level	5
Example	IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down.
Explanation	The link layer protocol state changed on an interface.
Recommended action	When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface.

PFC_WARNING

Message text	On interface [STRING], the rate of [STRING] PFC packets of 802.1p priority [INTEGER] exceeded the PFC early-warning threshold [INTEGER] pps. The current rate is [INTEGER].
Variable fields	$1: Interface name. $2: Alarm direction, which can be input or output. $3: 802.1p priority. $4: Rate threshold at which the interface receives or sends PFC frames, in pps. $5: Rate at which the interface receives or sends PFC frames, in pps.
Severity level	4
Example	IFNET/4/PFC_WARNING: On interface GigabitEthernet1/0/1, the rate of input PFC packets of 802.1p priority 1 exceeded the PFC early-warning threshold 50 pps. The current rate is 60.
Explanation	The rate at which the interface receives or sends PFC frames reaches the early-warning threshold.
Recommended action	No action is required.

PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Link state, which can be up or down.
Severity level	3
Example	IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to down.
Explanation	The physical state changed on an interface.
Recommended action	When the interface is physically down, check whether a physical link is present or whether the link fails.

PROTOCOL_UPDOWN

Message text	Protocol [STRING] state on the interface [STRING] changed to [STRING].
Variable fields	$1: Protocol name. $2: Interface name. $3: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface GigabitEthernet1/0/1 changed to up.
Explanation	The state of a protocol has been changed on an interface.
Recommended action	When the state of a network layer protocol is down, check the network layer protocol configuration.

STORM_CONSTRAIN_BELOW

Message text	[STRING] is in controlled status, [STRING] flux falls below its lower threshold [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_BELOW: GigabitEthernet1/0/1 is in controlled status, BC flux falls below its lower threshold 90%.
Explanation	The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_CONTROLLED

Message text	[STRING] turned into controlled status, port status is controlled, packet type is [STRING], upper threshold is [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_CONTROLLED: GigabitEthernet1/0/1 turned into controlled status, port status is controlled, packet type is BC, upper threshold is 90%.
Explanation	The port is in controlled state. Any type of traffic on the port exceeds the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_EXCEED

Message text	[STRING] is in controlled status, [STRING] flux exceeds its upper threshold [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_EXCEED: GigabitEthernet1/0/1 is in controlled status, BC flux exceeds its upper threshold 90%.
Explanation	The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_NORMAL

Message text	[STRING] returned to normal status, port status is [STRING], packet type is [STRING], lower threshold is [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_NORMAL: GigabitEthernet1/0/1 returned to normal status, port status is normal, packet type is BC, lower threshold is 10%.
Explanation	The port is in normal state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

TUNNEL_LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/TUNNEL_LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down.
Explanation	The link layer protocol state changed on a tunnel interface.
Recommended action	When the link layer protocol state of a tunnel interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the tunnel interface.

TUNNEL_PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	3
Example	IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down.
Explanation	The link layer state changed on a tunnel interface.
Recommended action	When the interface is physically down, check whether a physical link is present or whether the link fails.

VLAN_MODE_CHANGE

Message text	Dynamic VLAN [INT32] has changed to a static VLAN.
Variable fields	$1: VLAN ID.
Severity level	5
Example	IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN.
Explanation	Creating a VLAN interface for a VLAN cause the dynamic VLAN to become a static VLAN.
Recommended action	No action is required.

IKE messages

This section contains IKE messages.

IMA

This section contains Integrity Measurements Architecture (IMA) messages.

IMA_ALLOCATE_FAILED

Message text	Failed to allocate resource for file [STRING].
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	IMA/4/IMA_ALLOCATE_FAILED: Failed to allocate resource for file /sbin/tcsmd.
Explanation	IMA failed to allocate resources to the specified file.
Recommended action	Contact H3C Support.

IMA_DATA_ERROR

Message text	Can't collect data of file [STRING].
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	IMA/4/IMA_DATA_ERROR: Can't collect data of file /sbin/tcsmd.
Explanation	IMA failed to open the specified file, read data from the file, or compute the hash value of the file.
Recommended action	Contact H3C Support.

IMA_FILE_HASH_FAILED

Message text	Hash value of file [STRING] is not consistent with that in the RM file.
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	IMA/4/IMA_FILE_HASH_FAILED: Hash value of file /sbin/tcsmd is not consistent with that in the RM file.
Explanation	The computed hash value of the specified file is different from the hash value of the file stored in the RM file. The specified file is not trustworthy.
Recommended action	Contact H3C Support.

IMA_RM_FILE_MISS

Message text	File [STRING] is missing in the RM file.
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	IMA/4/IMA_RM_FILE_MISS: File /sbin/tcsmd is missing in the RM file.
Explanation	IMA did not find information about the specified file in the RM file.
Recommended action	Contact H3C Support.

IMA_RM_HASH_MISS

Message text	Hash value of file [STRING] is missing in the RM file.
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	IMA/4/IMA_RM_HASH_MISS: Hash value of file /sbin/tcsmd is missing in the RM file.
Explanation	IMA did not find the hash value of the specified file in the RM file. The hash algorithm used for integrity measurement of the specified file might not be supported in the RM.
Recommended action	Contact H3C Support.

IMA_TEMPLATE_ERROR

Message text	Failed to extend template hash value of file [STRING] to the PCR.
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	IMA/4/IMA_TEMPLATE_ERROR: Failed to extend template hash value of file /sbin/tcsmd to the PCR.
Explanation	IMA failed to extend the template hash value of the specified file to the PCRs.
Recommended action	Contact H3C Support.

iNQA

This section contains Intelligent Network Quality Analyzer (iNQA) messages.

INQA_BWD_LOSS_EXCEED

Message text	Packet loss rate of the backward flow in instance [UINT] exceeded the upper limit.
Variable fields	$1: Instance ID.
Severity level	5
Example	INQA/5/INQA_BWD_LOSS_EXCEED: Packet loss rate of the backward flow in instance 1 exceeded the upper limit.
Explanation	The message is sent when the packet loss rate of the backward flow exceeds the upper limit.
Recommended action	Examine the network and verify the physical connections are correct.

INQA_BWD_LOSS_RECOV

Message text	Packet loss rate of the backward flow in instance [UINT] recovered.
Variable fields	$1: Instance ID.
Severity level	6
Example	INQA/6/INQA_BWD_LOSS_RECOV: Packet loss rate of the backward flow in instance 1 recovered.
Explanation	The message is sent when the packet loss rate of the backward flow drops down below the upper limit.
Recommended action	N/A

INQA_DEBUG_FAIL

Message text	Setting debugging switch to drive failed.
Severity level	5
Example	INQA/5/INQA_DEBUG_FAIL: Setting debugging switch to drive failed.
Explanation	This message is sent when the system fails to set iNQA debugging switch to drive.
Recommended action	Delete the iNQA debugging switch setting and reconfigure the debugging.

INQA_FLAG_DIFF

Message text	Flags of collectors bound with the analyzer instance [UINT] are inconsistent.
Variable fields	$1: ID of the analyzer instance.
Severity level	5
Example	INQA/5/INQA_FLAG_DIFF: Flags of collectors bound with the analyzer instance 1 are inconsistent.
Explanation	This message is sent when iNQA detects that the flag bit settings on the collectors bound to analyzer instance 1 are inconsistent.
Recommended action	Verify that the same flag bit is set on all collectors that are bound to the analyzer instance.

INQA_FLAG_FAIL

Message text	Setting coloring bit to drive failed.
Severity level	5
Example	INQA/5/INQA_FLAG_FAIL: Setting coloring bit to drive failed.
Explanation	This message is sent when the system fails to set the color bit setting to the drive.
Recommended action	1. Use the display qos-acl resource command to verify that the ACL resources are sufficient. 2. If the resources are not sufficient, delete unnecessary ACLs and reconfigure the instance.

INQA_FLOW_DIFF

Message text	Flows of collectors bound with the analyzer instance [UINT] are inconsistent.
Variable fields	$1: ID of the analyzer instance.
Severity level	5
Example	INQA/5/INQA_FLOW_DIFF: Flows of collectors bound with the analyzer instance 1 are inconsistent.
Explanation	This message is sent when iNQA detects that the target flows in statistics packets reported by the collectors bound to analyzer instance 1 are inconsistent.
Recommended action	Verify that the same target flow is defined on all collectors that are bound to the analyzer instance.

INQA_FWD_LOSS_EXCEED

Message text	Packet loss rate of the forward flow in instance [UINT] exceeded the upper limit.
Variable fields	$1: Instance ID.
Severity level	5
Example	INQA/5/INQA_FWD_LOSS_EXCEED: Packet loss rate of the forward flow in instance 1 exceeded the upper limit.
Explanation	The message is sent when the packet loss rate of the forward flow exceeds the upper limit.
Recommended action	Examine the network and verify the physical connections are correct.

INQA_FWD_LOSS_RECOV

Message text	Packet loss rate of the forward flow in instance [UINT] recovered.
Variable fields	$1: Instance ID.
Severity level	6
Example	INQA/6/INQA_FWD_LOSS_RECOV: Packet loss rate of the forward flow in instance 1 recovered.
Explanation	The message is sent when the packet loss rate of the forward flow drops down below the upper limit.
Recommended action	N/A

INQA_INST_FAIL

Message text	Setting instance [UINT] information to drive failed.
Variable fields	$1: Instance ID.
Severity level	5
Example	INQA/5/INQA_INST_FAIL: Setting instance 1 information to drive failed.
Explanation	This message is sent when the system fails to send the instance configuration to the drive.
Recommended action	1. Use the display qos-acl resource command to verify that the ACL resources are sufficient. 2. If the resources are not sufficient, delete unnecessary ACLs and reconfigure the instance.

INQA_INTVL_DIFF

Message text	Intervals of collectors bound with analyzer instance [UINT] are inconsistent.
Variable fields	$1: ID of the analyzer instance.
Severity level	5
Example	INQA/5/INQA_INTVL_DIFF: Intervals of collectors bound with analyzer instance 1 are inconsistent.
Explanation	This message is sent when iNQA detects that the measurement intervals in statistics packets reported by the collectors bound to analyzer instance 1 are inconsistent.
Recommended action	Verify that the same measurement intervals are configured on all collectors that are bound to the analyzer instance.

INQA_MPNODATA

Message text	No statistics on MP [UINT]. Reason:[text].
Severity level	4
Example	INQA/4/INQA_MPNODATA: No statistics on MP [UINT]. Reason:[text].
Explanation	This message is sent when no statistics exist on the MP because the interface bound to the MP does not exist or the MP does not bound to any interface.
Recommended action	Bind a physical interface to the MP.

INQA_NO_RESOURCE

Message text	Failed to configure instance [UINT] due to insufficient resources.
Variable fields	$1: ID of the instance.
Severity level	5
Example	INQA/5/INQA_NO_RESOURCE: Failed to configure instance 1 due to insufficient resources.
Explanation	This message is sent when iNQA fails to configure an instance due to insufficient ACL resources.
Recommended action	Release ACL resources by deleting unused iNQA instances or unused ACL resources, and then configure the instance.

INQA_NO_SUPPORT

Message text	iNQA is not supported in this slot.
Severity level	5
Example	INQA/5/INQA_NO_SUPPORT: iNQA is not supported in this slot.
Explanation	This message is sent when the specified slot does not support iNQA.
Recommended action	Install an iNQA-capable module in the slot or switch the traffic for iNQA measurement to another slot that supports iNQA.

INQA_SMOOTH_BEGIN_FAIL

Message text	Setting smoothing beginning to kernel failed.
Severity level	5
Example	INQA/5/INQA_SMOOTH_BEGIN_FAIL: Setting smoothing beginning to the kernel failed.
Explanation	This message is sent when iNQA fails to notify the kernel of the start of the smooth.
Recommended action	Please contact H3C support.

INQA_SMOOTH_END_FAIL

Message text	Setting smoothing ending to kernel failed.
Severity level	5
Example	INQA/5/INQA_SMOOTH_END_FAIL: Setting smoothing ending to kernel failed.
Explanation	This message is sent when iNQA fails to notify the kernel of the end of the smooth.
Recommended action	Please contact H3C support.

Introduction

This document includes the following system messages:

· Messages specific to Release xxx of the device.

· Messages for the Comware 7 software platform version based on which Release xxx was produced. Some platform system messages might not be available on the device.

This document is intended only for managing xxx. Do not use this document for any other device models.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

· Log host (RFC 3164-compliant format):

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

· Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

NOTE:

Log message examples in this document use the format for destinations except the log host. They do not contain elements available only for the log host, including the location element.

Table 2 System log message elements

Element	Description
<PRI>	Priority identifier. This element is contained only in messages sent to the log host. It is calculated by using the following formula: Priority identifier=facilityx8+severity Where: · Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages. · Severity represents the importance of the message. For more information about severity levels, see Table 3.
Prefix	Message type identifier. This element is contained only in the messages sent to non-log-host destinations. This element uses the following symbols to indicate message severity: · Percentage sign (%)—Informational and higher levels. · Asterisk (*)—Debug level.
TIMESTAMP	Date and time when the event occurred. The following are commands for configuring the timestamp format: · Log host—Use the info-center timestamp loghost command. · Non-log-host destinations—Use the info-center timestamp command.
Sysname	Name or IP address of the device that generated the message.
%%vendor	Manufacturer flag. This element is %%10 for H3C. This element is contained only in messages sent to the log host.
MODULE	Name of the module that produced the message.
severity	Severity level of the message. (For more information about severity levels, see Table 3.)
MNEMONIC	Text string that uniquely identifies the system message. The maximum length is 32 characters.
location	Optional. This element identifies where the message occurred. This element is contained only in messages sent to the log host. This element presents location information about the message in the following format: -attribute1=x-attribute2=y…-attributeN=z The following are examples of location attributes: · -MDC=XX, which represents the MDC on which the message occurred. · -DevIp=XXX.XXX.XXX.XXX, which represents the source IP of the message. · -Slot=XX, which represents the slot on which the message occurred. · -Chassis=XX-Slot=XX, which represent the chassis and slot on which the message occurred. This element is separated from the CONTENT element by using a semicolon (;).
CONTENT	A description of the event or error. For variable fields in this element, this document uses the representations in Table 4. The CONTENT field in most log messages is represented by one or multiple sentences, for example, VTY logged in from 192.168.1.21. Certain log messages are used only to record parameter values. The CONTENT field for such messages is represented in the format of key info 1;key info 2,..key info n. The key information can be one of the following formats: · Keyword(keyword ID)=Value · Keyword(keyword ID)=(Text ID)Text description The IDs are factory default parameters that enable the log host software (for example, security management system) to parse keyword content: · The keyword ID represents the keyword before the ID. · The text ID represents the text description after the ID. For example, in the key information streamAlarmType(1032)=(42)Too fast speed of TCP session to destination IP, value 1032 represents keyword streamAlarmType, and value 42 represents text description Too fast speed of TCP session to destination IP.

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity.

Table 3 System log message severity levels

Level	Severity	Description
0	Emergency	The system is unusable. For example, the system authorization has expired.
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.
3	Error	Error condition. For example, the link state changes or a storage card is unplugged.
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.
5	Notification (Notice in RFC 3164)	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.
6	Informational	Informational message. For example, a command or a ping operation is executed.
7	Debug	Debugging message.

For variable fields in the message text, this document uses the representations in Table 4. The values are case insensitive, even though the representations are uppercase letters.

Table 4 Variable field representations

Representation	Information type
INT16	Signed 16-bit decimal number.
UINT16	Unsigned 16-bit decimal number.
INT32	Signed 32-bit decimal number.
UINT32	Unsigned 32-bit decimal number.
INT64	Signed 64-bit decimal number.
UINT64	Unsigned 64-bit decimal number.
DOUBLE	Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER].
HEX	Hexadecimal number.
CHAR	Single character.
STRING	Character string.
IPADDR	IP address.
MAC	MAC address.
DATE	Date.
TIME	Time.

Fast log message format

Log header formats

Table 5 shows the log header formats.

Table 5 Log header formats

Log type	Format	Example
Standard logs	<PRI> Timestamp AppName %%10 SN:sn VsysId:id	<134> Apr 28 15:35:32 2020 H3C %%10 SN:10056879 VsysId:1
Custom logs	URL filtering Unicom format: PRI Vision HostName Timestamp AppName MsgID HostName Len	142 1 100.0.0.1 2020 Apr 28 15:35:43 H3C NAT444:SessionU 57
	NAT CMCC format: <PRI> Vision HostName Timestamp AppName ProcID MsgID	<142> 1 100.0.0.1 2020 Apr 28 15:35:32 H3C - NAT444:SessionA
	NAT Unicom format: <PRI> Vision HostName Timestamp AppName ProcID MsgID	<142> 1 100.0.0.1 2020 Apr 28 15:35:43 H3C - NAT444:SessionA
	NAT Telecom format: <PRI> Vision Timestamp HostName AppName ProcID MsgID	<134> 1 2020 Apr 28 15:35:38 100.0.0.1 H3C - NAT444:sessionbasedA

Log field description

Table 6 displays descriptions of log fields in the header and content.

Table 6 Log field description

Field	Description
PRI	Log type code, The value is fixed to 134 for standard and NAT Telecom logs, and is fixed to 142 for URL filtering Unicom, NAT CMCC, and NAT Unicom logs.
Timestamp	Time when the log was generated. The timestamp format is YYYY Mon DD hh:mm:ss.
AppName	Name of the device that generated the log.
%%10	Vendor of the device.
SN	Serial number of the device. This field is available only after you execute the customlog with-sn command. You can obtain the device SN in the DEVICE_SERIAL_NUMBER field from the output of the display device manuinfo command.
VsysId	ID of the virtual system that generated the log.
HostName	Source IP address of the log.
MsgID	Log message type.
Len	Total length of the log header, in bytes.
ProcID	Reserved field. This field displays a hyphen (-).

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, monitor terminal, log buffer, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the network management and monitoring configuration guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:

· To display log messages on the monitor terminal, you must configure the terminal monitor command.

· For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

NOTE:

Settings for the terminal monitor and terminal logging level commands take effect only on the current login session. The default settings for the commands restore at a relogin.

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.

To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.

By default, you can obtain the log file from the cfa0:/logfile/ path if the CF card is not partitioned. If the CF card is partitioned, the file path is cfa1:/logfile/.

To view the contents of the log file on the device, use the more command.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.

Software module list

Table 7 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.

Table 7 Software module list

Module name representation	Module name expansion
AAA	Authentication, Authorization and Accounting
ACL	Access Control List
ADVPN	Auto Discovery Virtual Private Network
AFT	Address Family Translation
ANCP	Access Node Control Protocol
ANTIVIRUS	Anti-virus
APMGR	Access Point Management
APR	Application Recognition
ARP	Address Resolution Protocol
ASPF	Advanced Stateful Packet Filter
ATK	Attack Detection and Prevention
ATM	Asynchronous Transfer Mode
AUDIT	Audit
AUTOCFG	Automatic configuration
AVC	Application Visibility Control
BFD	Bidirectional Forwarding Detection
BGP	Border Gateway Protocol
BLS	Blacklist
CC	Challenge Collapsar Defense
CFD	Connectivity Fault Detection
CFGLOG	Configuration log
CFGMAN	Configuration Management
CGROUP	Collaboration Group
CONNLMT	Connection Limit
CONTEXT	Context
DAC	Data Analysis Center
DEV	Device Management
DFILTER	Data Filter
DHCP	Dynamic Host Configuration Protocol
DHCPS	DHCP Server
DHCPS6	DHCPv6 Server
DHCPSP4	DHCP Snooping
DHCPSP6	DHCPv6 Snooping
DIAG	Diagnosis
DIM	DPI Engine
DLDP	Device Link Detection Protocol
DNS	Domain Name System
DOT1X	802.1X
EDEV	Extended-Device Management
EIGRP	Enhanced Interior Gateway Routing Protocol
ERPS	Ethernet Ring Protection Switching
ETHOAM	Ethernet Operation, Administration and Maintenance
EVB	Edge Virtual Bridging
EVIISIS	Ethernet Virtual Interconnect Intermediate System-to-Intermediate System
FCLINK	Fibre Channel Link
FCOE	Fibre Channel Over Ethernet
FCZONE	Fibre Channel Zone
FFILTER	File Filter
FILTER	Filter
FIPSNG	FIP Snooping
FS	File System
FTP	File Transfer Protocol
GLB	Global Load Balancing
gRPC	Google Remote Procedure Call
HA	High Availability
HQOS	Hierarchical QoS
HTTPD	Hypertext Transfer Protocol Daemon
IDENTITY	Identity
IFNET	Interface Net Management
IKE	Internet Key Exchange
IMA	Integrity Measurements Architecture
IP6ADDR	IPv6 Addressing
IPADDR	IP Addressing
IPOE	IP over Ethernet
IPREPUTATION	IP Reputation
RESMON	Resource Monitoring
IPS	Intrusion Prevention System
IPSEC	IP Security
IPSG	IP Source Guard
IRDP	ICMP Router Discovery Protocol
IRF	Intelligent Resilient Framework
ISIS	Intermediate System-to-Intermediate System
ISSU	In-Service Software Upgrade
KDNS	Kernel Domain Name System
KHTTP	Kernel Hypertext Transfer Protocol
L2PT	Layer 2 Protocol Tunneling
L2TPV2	Layer 2 Tunneling Protocol Version 2
L2VPN	Layer 2 VPN
LAGG	Link Aggregation
LB	Load Balancing
LDP	Label Distribution Protocol
LIPC	Leopard Inter-Process Communication
LLDP	Link Layer Discovery Protocol
LOAD	Load Management
LOGIN	Login
LPDT	Loopback Detection
LS	Local Server
LSPV	LSP Verification
MAC	Media Access Control
MACA	MAC Authentication
MACSEC	MAC Security
MBFD	MPLS BFD
MBUF	Memory Buffer
MDC	Multitenant Device Context
MFIB	Multicast Forwarding Information Base
MGROUP	Mirroring Group
MPLS	Multiprotocol Label Switching
MTLK	Monitor Link
NAT	Network Address Translation
ND	Neighbor Discovery
NETCONF	Network Configuration Protocol
NETSHARE	NetShare Control
NQA	Network Quality Analyzer
NTP	Network Time Protocol
OBJP	Object Policy
OFP	OpenFlow Protocol
OPTMOD	Optical Module
OPENSRC(RSYNC)	Open Source (Remote Synchronization)
OSPF	Open Shortest Path First
OSPFV3	Open Shortest Path First Version 3
PBB	Provider Backbone Bridge
PBR	Policy-Based Routing
PCAPWARE	Packet Capture Wireshark
PCE	Path Computation Element
PEX	Port Extender
PFILTER	Packet Filter
PHYD	Physical Detection
PIM	Protocol Independent Multicast
PING	Packet Internet Groper
PKI	Public Key Infrastructure
PKT2CPU	Packet to CPU
PKTCPT	Packet Capture
PORTAL	Portal
PORTSEC	Port Security
POSA	Point Of Sales
PPP	Point to Point Protocol
PREPROVISION	Preprovision
PTS	Platform Trust Services
PWDCTL	Password Control
QOS	Quality of Service
RADIUS	Remote Authentication Dial In User Service
RBM	Remote Backup Management
RDDC	Redundancy
REPUTATION	Reputation
RIP	Routing Information Protocol
RIPNG	Routing Information Protocol Next Generation
RM	Routing Management
RPR	Resilient Packet Ring
RRPP	Rapid Ring Protection Protocol
RTM	Real-Time Event Manager
SANDBOX	Sandbox
SCD	Server Connection Detection
SCM	Service Control Manager
SCRLSP	Static CRLSP
SECDIAG	Security Diagnose
SECP	Security Policy
SESSION	Session
SFLOW	Sampler Flow
SHELL	Shell
SLSP	Static LSP
SMLK	Smart Link
SNMP	Simple Network Management Protocol
SSHC	Secure Shell Client
SSHS	Secure Shell Server
SSL	Secure Sockets Layer
SSL VPN	Secure Sockets Layer Virtual Private Network
STAMGR	Station Management
STM	Stack Topology Management
STP	Spanning Tree Protocol
SYSEVENT	System Event
SYSLOG	System Log
TAC	Trusted Access Control
TACACS	Terminal Access Controller Access Control System
TCSM	Trusted Computing Services Management
TELNETD	Telnet Daemon
TERMINAL	Terminal Identification
TRILL	Transparent Interconnect of Lots of Links
UDPI	User DPI
UFLT	URL Filter
VLAN	Virtual Local Area Network
VRRP	Virtual Router Redundancy Protocol
VSRP	Virtual Service Redundancy Protocol
VXLAN	Virtual eXtensible LAN
WAF	Web Application Firewall
WEB	Web
WEBCACHE	Web Cache
WFF	WLAN Fast Forwarding
WIPS	Wireless Intrusion Prevention System
WLANAUD	WLAN Audit
WMESH	WLAN Mesh
WRDC	Wireless Roaming Data Center
WSA	Wireless Spectrum Analysis

Using this document

This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.

This document explains messages in tables. Table 8 describes information provided in these tables.

Table 8 Message explanation table contents

Item	Content	Example
Message text	Presents the message description.	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text.	$1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule.
Severity level	Provides the severity level of the message.	6
Example	Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings.	ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	Explains the message, including the event or error cause.	Number of packets that matched an ACL rule. This message is sent when the packet counter changes.
Recommended action	Provides recommended actions. For informational messages, no action is required.	No action is required.

IP6ADDR messages

This section contains IPv6 addressing messages.

IP6ADDR_CREATEADDRESS_CONFLICT

Message text	Failed to create an address by the prefix. Reason: [STRING] on [STRING] conflicts with SRv6 locator [STRING].
Variable fields	$1: IPv6 address. $2: Interface name. $3: IPv6 prefix of the locator.
Severity level	4
Example	IP6ADDR/4/IP6ADDR_CREATEADDRESS_CONFLICT: Failed to create an address by the prefix. Reason: 2000::1234:0:0:1/80 on GigabitEthernet1/0/1 conflicts with SRv6 locator 2000::1/64.
Explanation	This message is sent when the ipv6 address prefix-number configuration conflicts with the SRv6 locator configuration in SRv6 view.
Recommended action	Remove the conflicting configuration and reconfigure the ipv6 address prefix-number command.

‌

IP6ADDR_CREATEADDRESS_ERROR

Message text	Failed to create an address by the prefix. Reason: [STRING] on [STRING] and [STRING] on [STRING] overlap.
Variable fields	$1: IPv6 prefix. $2: Interface name. $3: IPv6 prefix. $4: Interface name.
Severity level	4
Example	IP6ADDR/4/IP6ADDR_CREATEADDRESS_ERROR: Failed to create an address by the prefix. Reason: 2001::/ 64 on GigabitEthernet1/0/2 and 2001::/64 on GigabitEthernet1/0/1 overlap.
Explanation	The device failed to use a prefix to generate an IPv6 address for an interface because the prefixes overlapped on this interface and another interface.
Recommended action	Cancel the IPv6 address configuration on the conflicting interface and configure the interface to generate an IPv6 address by using a different prefix.

‌

IP6ADDR_CREATEADDRESS_FAIL

Message text	Form 1: Failed to create an address. Reason: The IPv6 address [STRING] configured on [STRING] is being used by interface [STRING] on the device. Form 2: Failed to create an address. Reason: The subnet of the IPv6 address [STRING] configured on [STRING] overlaps with the subnet of interface [STRING] on the device.
Variable fields	$1: IPv6 address. $2: Interface name 1. $3: Interface name 2.
Severity level	3
Example	IP6ADDR/3/IP6ADDR_CREATEADDRESS_FAIL: Failed to create an address. Reason:The IPv6 address 2::1 configured on GigabitEthernet 1/0/1 is being used by interface GigabitEthernet 1/0/2 on the device. IP6ADDR/3/IP6ADDR_CREATEADDRESS_FAIL: Failed to create an address. Reason:The subnet of the IPv6 address 3::10 configured on Vlan-interface 10 overlaps with the subnet of interface Vlan-interface 20 on the device.
Explanation	For Form 1: The IPv6 address allocated to this interface has been used by another interface. For Form 2: The subnet of the IPv6 address allocated to this interface overlaps with that of another interface.
Recommended action	Configure another IPv6 address for the interface.

‌

IPADDR messages

This section contains IP addressing messages.

IPADDR_CREATEADDRESS_FAIL

Message text	Form 1: Failed to create an address. Reason: The IP address [STRING] configured on [STRING] is being used by interface [STRING] on the device. Form 2: Failed to create an address. Reason: The subnet of the IP address [STRING] configured on [STRING] overlaps with the subnet of interface [STRING] on the device.
Variable fields	$1: IP address. $2: Interface name 1. $3: Interface name 2.
Severity level	3
Example	IPADDR/3/IPADDR_CREATEADDRESS_FAIL: Failed to create an address. Reason:The IP address 192.168.56.166 configured on GigabitEthernet 1/0/1 is being used by interface GigabitEthernet 1/0/2 on the device. IPADDR/3/IPADDR_CREATEADDRESS_FAIL: Failed to create an address. Reason:The subnet of the IP address 192.168.56.166 configured on Vlan-interface 10 overlaps with the subnet of interface Vlan-interface 20 on the device.
Explanation	For Form 1: The IPv4 address allocated to this interface has been used by another interface. For Form 2: The subnet of the IPv4 address allocated to this interface overlaps with that of another interface.
Recommended action	Configure another IP address for the interface.

‌

IPADDR_HA_EVENT_ERROR

Message text	A process failed HA upgrade because [STRING].
Variable fields	$1: HA upgrade failure reason: ¡ IPADDR failed the smooth upgrade. ¡ IPADDR failed to reupgrade to the master process. ¡ IPADDR stopped to restart the timer. ¡ IPADDR failed to upgrade to the master process. ¡ IPADDR failed to restart the upgrade. ¡ IPADDR failed to add the unicast object to the master task epoll. ¡ IPADDR failed to create an unicast object. ¡ IPADDR role switchover failed when the standby process switched to the master process. ¡ IPADDR switchover failed when the master process switched to the standby process. ¡ IPADDR HA upgrade failed. ¡ IPADDR failed to set the interface filtering criteria. ¡ IPADDR failed to register interface events. ¡ IPADDR failed to subscribe port events. ¡ IPADDR failed to add a VPN port event to the master epoll. ¡ IRDP failed to open DBM. ¡ IRDP failed to initiate a connection to the device management module. ¡ IRDP failed to add the master task epoll with the handle used to connect to the device management module. ¡ IRDP failed to register device management events. ¡ IRDP failed to subscribe port events. ¡ IRDP failed to add the master task epoll with the handle used to subscribe port events. ¡ IRDP failed to set the interface filtering criteria. ¡ IRDP failed to register interface events. ¡ IRDP failed to register network events. ¡ IRDP failed to create the interface control block storage handle. ¡ IRDP failed to create the timer. ¡ IRDP failed to add the master task epoll with the handle used to create the timer. ¡ IRDP failed to set the schedule time for the timer. ¡ IRDP failed to set the timer to unblocked status. ¡ IRDP failed to create a timer instance.
Severity level	4
Example	IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade.
Explanation	A process failed HA upgrade and the message was sent to show the failure reason.
Recommended action	Please contact H3C Support.

IPADDR_HA_STOP_EVENT

Message text	The device received an HA stop event.
Variable fields	None.
Severity level	4
Example	IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event.
Explanation	This message is sent when the device receives an HA stop event.
Recommended action	Please contact H3C Support.

IPoE messages

This section contains IPoE messages.

IPoE_USER_LOGON_SUCCESS

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]; The user came online successfully.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address.
Severity level	6
Example	IPOE/6/ IPOE_USER_LOGON_SUCCESS: -UserName=user1-IPAddr=1.1.0.1- IfName=Bas-interface0-OuterVLAN=N/A-InnerVLAN=N/A-MACAddr=FFFF-FFFF-FFFF; The user came online successfully.
Explanation	The user has come online successfully.
Recommended action	No action is required.

IPoE_USER_LOGON_FAILED

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user failed to come online.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 9).
Severity level	6
Example	IPOE/6/IPOE_USER_LOGON_FAILED: -UserName=user1-IPAddr=N/A-IfName=Bas-interface0-OuterVLAN=N/A-InnerVLAN=N/A-MACAddr=FFFF-FFFF-FFFF-Reason=Authentication failed ; The user failed to come online.
Explanation	The user failed to come online.
Recommended action	See Table 9.

Table 9 Causes and recommended actions

Cause

Description

Recommended action

Authentication failed

N/A

1. Verify that the device communicates with the authentication server correctly.

2. Verify that the username is correct.

3. Verify that the password is correct.

4. Verify that the authentication domain on the device is correct.

Authorization failed

N/A

5. Verify that the device communicates with the authorization server correctly.

6. Verify that the authorization attributes deployed by the authorization server exist on the device and are configured correctly.

7. Verify that the device supports the authorization attributes deployed by the authorization server.

I PoE_USER_LOGOFF_NORMAL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 10).
Severity level	6
Example	IPOE/6/IPOE_USER_LOGOFF_NORMAL: -UserName=user1-IPAddr=1.1.0.1-IfName=Bas-interface0-OuterVLAN=N/A-InnerVLAN=N/A-MACAddr=FFFF-FFFF-FFFF-Reason=DHCP user request; The user logged off.
Explanation	The user has gone offline normally.
Recommended action	See Table 10.

Table 10 Causes and recommend actions

Cause	Description	Recommended action
DHCP user request	The user requested to go offline.	Identify whether the user has gone offline.

IPoE_USER_LOGOFF_ABNORMAL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off abnormally.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 11).
Severity level	6
Example	IPOE/6/IPOE_USER_LOGOFF_ABNORMAL: -UserName=user1-IPAddr=1.1.0.1- IfName=Bas-interface0-OuterVLAN=N/A-InnerVLAN=N/A-MACAddr=FFFF-FFFF-Reason= Session timeout; The user logged off abnormally.
Explanation	The user has gone offline abnormally.
Recommended action	See Table 11.

Table 11 Causes and recommend actions

Cause	Description	Recommended action
Admin reset	The access interface went down, and the dynamic IPoE sessions or the static IPoE sessions were deleted.	1. Identify whether the access interface has gone down. 2. Identify whether the reset ip subscriber session command has been executed to delete the dynamic IPoE sessions. 3. Identify whether the undo ip subscriber session static command has been executed to delete the static IPoE sessions. 4. Identify whether new static users are added. 5. Identify whether IPoE has been disabled by using the undo ip subscriber { l2-connected \| routed } enable command.
Session timeout	The user session timed out or the traffic quota was used up.	Notify the user that the user session timed out or to renew the user account.
Session idle cut	The user traffic did not reach the threshold within the specified period.	Identify whether the user has gone offline.
DHCP lease timeout	N/A.	Notify the user that the address lease has expired.
DHCP notify	The DHCP module notified the user to go offline.	Identify whether the user has gone offline.
User online detection failure	N/A.	Identify whether the user has gone offline.
AAA request	The RADIUS server requested the user to go offline.	No action is required.
Insufficient hardware resources	N/A.	Save the related log information locally and contact the support.
Interface down	N/A.	Verify that the network cable of the user access interface is correctly connected.
Interface shutdown	N/A.	Identify whether the shutdown command has been executed on the user access interface.
VSRP status change	N/A.	Identify whether the user has gone offline.
BRAS errors	The BRAS software errors caused the user to go offline.	1. Collect debugging information about the user login process by executing the following commands in sequence: ¡ terminal monitor ¡ terminal debugging ¡ debugging ip subscriber 2. Save the related log and debugging information locally and contact the support.

IPS messages

This section contains IPS messages.

IPS_IPV4_INTERZONE (syslog)(fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];LoginUserName(1177)=[STRING];LoginPwd(1178)=[STRING];CapturePktName(1116)=[STRING];HttpHost(1117)=[STRING];HttpFirstLine(1118)=[STRING];FileName(1097)=[STRING];SrcMacAddr(1021)=[STRING];DstMacAddr(1022)=[STRING];RealSrcMacAddr(1204)=[STRING];RealDstMacAddr(1205)=[STRING];CWE(1174)=[STRING];VlanID(1175)=[UINT32];PayLoad(1135)=[STRING];PayLoad(1135)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: ¡ INVALID: Severity level not specified. ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $18: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Drop. ¡ Reset. ¡ Permit. ¡ Redirect. ¡ Capture. ¡ Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: ¡ original. ¡ reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Login username. $26: Login password. Support for this field depends the device model. $27: Capture file name. $28: Host field. $29: Packet first line. $30: File name. $31: Source MAC address. $32: Destination MAC address. $33: Real source MAC address. The value for this field is displayed only when MAC address learning through a Layer 3 device is enabled. $34: Real destination MAC address. The value for this field is displayed only when MAC address learning through a Layer 3 device is enabled. $35: Common weakness enumeration (CWE). $36: VLAN ID. $37: Event return value.
Severity level	4
Example	IPS/4/IPS_IPV4_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPAddr(1003)=100.10.10.40;SrcPort(1004)=2999;DstIPAddr(1007)=200.10.10.40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 \| CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=original;RealSrcIP(1100)=10.10.10.10,20.20.20.20;SubCategory(1124)=Other;LoginUserName(1177)=admin;LoginPwd(1178)=YW5nc2MxMDA2Vw==;CapturePktName(1116)=ips_100.10.10.40_20171205_101112_5707.pcap;HttpHost(1117)=www.shr.com;HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;FileName(1097)=123.txt;SrcMacAddr(1021)=0cda-411d-16aa;DstMacAddr(1022)=0cda-411d-a1e6;RealSrcMacAddr(1204)=;RealDstMacAddr(1205)=;CWE(1174)=CWE-200;VlanID(1175)=60;PayLoad(1135)=/file/show.cgi;
Explanation	This message is sent when an IPv4 packet matches a WAF signature.
Recommended action	No action is required.

IPS_IPV6_INTERZONE (syslog)(fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=-[ STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];LoginUserName(1177)=[STRING];LoginPwd(1178)=[STRING];CapturePktName(1116)=[STRING];HttpHost(1117)=[STRING];HttpFirstLine(1118)=[STRING];FileName(1097)=[STRING];SrcMacAddr(1021)=[STRING];DstMacAddr(1022)=[STRING];RealSrcMacAddr(1204)=[STRING];RealDstMacAddr(1205)=[STRING];CWE(1174)=[STRING];VlanID(1175)=[UINT32];PayLoad(1135)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: ¡ INVALID: Severity level not specified. ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $18: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Drop. ¡ Reset. ¡ Permit. ¡ Redirect. ¡ Capture. ¡ Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: ¡ original. ¡ reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Login username. $26: Login password. Support for this field depends on the device model. $27: Capture file name. $28: Host field. $29: Packet first line. $30: File name. $31: Source MAC address. $32: Destination MAC address. $33: Real source MAC address. The value for this field is displayed only when MAC address learning through a Layer 3 device is enabled. $34: Real destination MAC address. The value for this field is displayed only when MAC address learning through a Layer 3 device is enabled. $35: CWE. $36: VLAN ID. $37: Event return value.
Severity level	4
Example	IPS/4/IPS_IPV6_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPv6Addr(1036)=100::40;SrcPort(1004)=2999;DstIPv6Addr(1037)=200::40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 \| CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=reply;RealSrcIP(1100)=10::1;SubCategory(1124)=Other;LoginUserName(1177)=admin;LoginPwd(1178)=YW5nc2MxMDA2Vw==;CapturePktName(1116)=ips_100::40_20171205_101112_5707.pcap;HttpHost(1117)=www.shr.com;HttpFirstLine(1118)=/file/show.cgi%7cecho%20HSC/http_pic_300k.jpg;FileName(1097)=123.txt;SrcMacAddr(1021)=0cda-411d-16aa;DstMacAddr(1022)=0cda-411d-a1e6;RealSrcMacAddr(1204)=;RealDstMacAddr(1205)=;CWE(1174)=CWE-200;VlanID(1175)=60;PayLoad(1135)=/file/show.cgi;
Explanation	This message is sent when an IPv6 packet matches an IPS signature.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Updated the IPS signature library successfully.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Updated the IPS signature library successfully.
Explanation	The IPS signature library was updated successfully through a manual offline update or triggered online update.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Rolled back the IPS signature library successfully.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Rolled back the IPS signature library successfully.
Explanation	The IPS signature library was rolled back to the previous or factory default version successfully.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Failed to update the IPS signature library because no valid license was found for the IPS feature.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Failed to update the IPS signature library because no valid license was found for the IPS feature.
Explanation	Failed to update the IPS signature library through immediate online update, local offline update, or scheduled online update, because no valid license can be found. For local offline update failures, this message is displayed only for operations performed on the Web interface.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	SNORT rule may lost because lock failed during recover!
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; SNORT rule may lost because lock failed during recover!
Explanation	Some Snort rules might be lost because of lock failure during configuration recovery.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	The max of snort rule count is 1024.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; The max of snort rule count is 1024.
Explanation	The number of Snort rules already reached the upper limit (1024).
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Import snort rule successfully.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Import snort rule successfully.
Explanation	Snort rules were imported successfully.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Import snort rule completely,the total error rules [UINT32].
Variable fields	$1: Total number of user-defined Snort rules that failed to be imported.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Import snort rule completely,the total error rules 10.
Explanation	The system finished importing Snort rules and failed to import some Snort rules.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Unload the user-defined snort rules successfully.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Unload the user-defined snort rules successfully.
Explanation	The user-defined Snort rules were deleted successfully.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Copy SigPack file failed because flash is not enough.
Variable fields	N/A
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Copy SigPack file failed because flash is not enough.
Explanation	Failed to update the IPS signature library because the storage space is insufficient.
Recommended action	No action is required.

IPS_WARNING (syslog)

Message text	Failed to update signature package in phase [STRING].
Variable fields	$1: Update phase: ¡ UNKNOWN—Unknown. ¡ DOWNLOAD—Signature file download phase. ¡ GETURLFILE—The system obtains the signature file path. ¡ PREPARE—Signature library preparation phase. ¡ PARSE—Signature library parsing phase. ¡ UNKNOWN—Unknown.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Failed to update signature package in phase PARSE.
Explanation	Failed to update the IPS signature library in a specific phase.
Recommended action	No action is required.

IPSEC messages

This section contains IPsec messages.

IPSEC_DEBUG_LOG

Message text	IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING].
Variable fields	$1: Source IP address. $2: Destination IP address. $3: Security parameter index (SPI). $4: Sequence number of the packet. $5: Reason for dropping this packet: · Anti-replay checking failed. · AH authentication failed. · ESP authentication failed. · Invalid SA. · ESP decryption failed. · Source address of packet does not match the SA. · No ACL rule matched.
Severity level	6
Example	IPSEC/6/log: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed
Explanation	An IPsec packet was dropped.
Recommended action	No action is required.

IPSEC_FAILED_ADD_FLOW_TABLE

Message text	Failed to add flow-table due to [STRING].
Variable fields	$1: Reason for the failure.
Severity level	4
Example	IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource.
Explanation	Failed to add the flow table.
Recommended action	If the failure is caused by not enough hardware resources, contact H3C Support.

IPSEC_GLOBAL_FLAG_LOGP2MPENABLE

Message text	IPsec P2MP tunnel table item created/deleted,tunnel index: [UINT32],tunnel sequence num: [UINT32],peer public IP: [STRING],peer tunnel IP: [STRING],interface index: [UINT32],port: [UINT32]
Variable fields	$1: Tunnel index $2: Tunnel sequence number. $3: Public IP address of the destination branch network. $4: Tunnel destination address. $5: Interface index. $6: Port number of the destination branch network.
Severity level	6
Example	IPsec P2MP tunnel table item created,tunnel index: 0,tunnel sequence num: 1,peer public IP:10.1.1.2,peer tunnel IP:192.168.10.2,interface index: 140,port: 62465
Explanation	A P2MP IPsec tunnel entry was created.
Recommended action	No action is required.

IPSEC_KD3P_LOGINFO

Message text	Anti-replay dropped a packet: src=[STRING]; time-sent=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-received=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-diff=[UINT32]us; window-size= +-[FLOAT]ms.
Variable fields	$1: Source IP address of the packet. $2: Day of the week on which the packet was sent. $3: Day of the month on which the packet was sent. $4: Month in which the packet was sent. $5: Year in which the packet was sent. $6: Hour at which the packet was sent. $7: Minute at which the packet was sent. $8: Second at which the packet was sent. $9: Microsecond at which the packet was sent. $10: Day of the week on which the packet was received. $11: Day of the month on which the packet was received. $12: Month in which the packet was received. $13: Year in which the packet was received. $14: Hour at which the packet was received. $15: Minute at which the packet was received. $16: Second at which the packet was received. $17: Microsecond at which the packet was received. $18: Interval between the time the packet was sent and the time it was received, in microseconds. $19: Half the anti-replay window size, in milliseconds.
Severity level	6
Example	IPSEC/6/IPSEC_ANTI-REPLAY_WINDOWS_ERROR: Anti-replay dropped a packet: src=192.168.58.178;time-sent=Sat, 23 Apr 2016 11:17:29 594565us; time-received =Sat, 23 Apr 2016 11:17:26 707866us; time-diff=2886699us; window-size =+-2500ms.
Explanation	A packet was dropped. Possible reasons include: · The interval between the time the packet was sent and the time it was received exceeds the anti-replay window size. · Anti-replay is enabled on the receiving IPsec tunnel end but the received packet does not have an anti-replay header. · In tunnel mode, anti-replay is not enabled but the received packet has an anti-replay header.
Recommended action	No action is required.

IPSEC_SA_ESTABLISH

Message text	IPsec SA was established. SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Role, initiator or responder. $2: Local IP address. $3: Remote IP address. $4-$9: Data flow related parameters. $10: Inside VPN instance. $11: Outside VPN instance. $12: Inbound AH SPI. $13: Outbound AH SPI. $14: Inbound ESP SPI. $15: Outbound ESP SPI. $16: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $17: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH: IPsec SA was established. Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	An IPsec SA was established.
Recommended action	No action is required.

IPSEC_SA_ESTABLISH_FAIL

Message text	Failed to establish IPsec SA. Reason: [STRING]. SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Failure reason: · Get SP: Required configuration is missing in the SP. SP ID=%u. · Get SP: The SP's local address doesn't match the local address configured in the IKE profile. SP ID=%u, SP's local address=%s, p2policy's local address=%s. · Get SP: The remote address doesn't exist. SP ID=%u, hostname=%s. · Get SP: The SP's remote address doesn't match the remote address configured in the IKE profile. SP ID=%u, SP's remote address=%s, p2policy's remote address=%s. · The policy contains incorrect ACL or IKE profile configuration. · Get SP: The SP doesn't have an IPsec transform set. · Get SP: Failed to create larval SA. · Create SA: Failed to fill the SA. · Create SA: Failed to create SA. · Create SA: Can't find SP. · Failed to create tunnel because a tunnel with the same index and sequence number already exists. Tunnel index=%d, tunnel seq=%d. · Failed to switch SA because the inbound SA can't be found. SPI=%u. · Failed to switch SA because the SA state is incorrect. · Failed to switch SA because the outbound SA can't be found. · Failed to switch SA because the outbound SA using another security protocol can't be found. · Failed to switch SA in kernel. · Failed to notify kernel of the link state change. · Number of IPsec tunnels reached the crypto capacity of the device. · Maximum number of IPsec tunnels already reached. · Failed to add IPsec tunnel. · Getting SP: IPsec is smoothing. · Getting SP: IPsec is not running. · Getting SP: Failed to find SP by index and sequence number. · Getting SP: Creating SA timed out. · Getting SP by interface: Target node not online. · Getting SP by mGRE: Failed to get interface. · Getting SP: Failed to get SP by mGRE because interface type was invalid. · Getting SP: Failed to get SP by mGRE because of no tunnel protection configuration. · Getting SP: Failed to get SP by mGRE because profile %s was not found. · Getting SP: Failed to get SP by mGRE because of wrong profile type. · Getting SP by mGRE: Failed to find profile SP by profile %s. · Getting SP: Failed to get SP by mgre. · Getting SP: Failed to get SP by SVTI because of invalid interface type. · Getting SP: Failed to get SP by SVTI because of no tunnel protection configuration with interface %s. · Getting SP: Failed to get SP by SVTI because profile %s was not found. · Getting SP: Failed to get SP by SVTI because of wrong type of profile %s. · Getting SP by SVTI: Failed to find profile SP by profile %s. · Getting SP: Failed to get SP by SVTI because SP type was not ISAKMP with profile %s. · Getting SP: Failed to match flow because renegotiation SP's index or Seqnum changed. · Getting SP: Failed to match SVTI flow because IKE profile was not match. · Getting SP: Failed to match SVTI flow because flow was not match with ACL. · Getting SP by SVTI: Failed to create larval SA. · Getting SP: Failed to get SP by SVTI with interface %s. · Getting SP by L3 interface: Failed to get interface data. · Getting SP: Failed to get SP by L3 interface because no SP entry was found by key. · Getting SP: Failed to get SP by L3 interface because no source interface SP entry was found by key. · Getting SP by L3 interface: Failed to match SP because SP's mode not ISAKMP. · Getting SP by L3 interface: Failed to match SP because SP negotiation not complete. · Getting SP: Rejected peer's request of any flow when SP's mode was isakmp template and no ACL was specified. · Getting SP by L3 interface: Failed to match SP because policy cannot be found by SP. · Getting SP by L3 interface: Failed to match SP because IKE profile was %s while IPsec used profile %s. · Getting SP: Failed to match flow because ACL not match. · Getting SP: Failed to match flow because renegotiation SP's index or Seqnum changed. · Getting SP: Flow netmask check failed. · Getting SP: Flow overlap check failed. $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outbound ESP SPI. $17: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $18: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA Reason: Failed to add IPsec tunnel. SA information: Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	Failed to establish an IPsec SA.
Recommended action	Verify the IPsec configurations on the local and peer devices.

IPSEC_SA_INITIATION

Message text	Began to establish IPsec SA. Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Local IP address. $2: Remote IP address. $3-$8: Data flow related parameters. $9: Inside VPN instance. $10: Outside VPN instance. $11: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $12: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_INITIATION: Began to establish IPsec SA. Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb ACL number: 3101
Explanation	An IPsec SA was to be established.
Recommended action	No action is required.

IPSEC_SA_TERMINATE

Message text	The IPsec SA was deleted. Reason: [STRING] SA information: · Role: [STRING] · Local address: [STRING] · Remote address: [STRING] · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · ACL number: [UINT32] · ACL name: [STRING]
Variable fields	$1: Reason for the deletion: · SA idle timeout · The reset command was executed · Internal event · Configuration change · An IKE SA deletion message was received $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI $14: Outbound AH SPI $15: Inbound ESP SPI $16: Outbound ESP SPI $17: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $18: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted. Reason: SA idle timeout. SA information: Role: initiator Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	An IPsec SA was deleted.
Recommended action	No action is required.

IPSG messages

This section contains IPSG messages.

IPSG_ADDENTRY_ERROR

Message text	Failed to add an IP source guard binding (IPv4 [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING]. Failed to add an IP source guard binding (IPv6 [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IP address. If you do not specify an IP address, this field is empty. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reasons. Available options include: ¡ Feature not supported ¡ Resources not sufficient ¡ Resource conflict ¡ Unknown error
Severity level	6
Example	IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding (IPv4 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Resources not sufficient.
Explanation	IPSG failed to issue a static or dynamic IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · The hardware resources are not sufficient for the operation. · The resource conflict occurs. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. · Add the IPSG binding again if you are adding a static binding. · Verify that the ACL or QoS policy configuration does not conflict with the IPSG configuration when a resource conflict occurs. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_DELENTRY_ERROR

Message text	Failed to delete an IP source guard binding (IPv4 [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING]. Failed to delete an IP source guard binding (IPv6 [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IP address. If you do not specify an IP address, this field is empty. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reason. Available options include: ¡ Feature not supported ¡ Unknown error
Severity level	6
Example	IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding (IPv4 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Unknown error.
Explanation	IPSG failed to delete a global static IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Delete the global static IPSG binding again. · Contact H3C Support if the failure is caused by an unknown error.

IRDP messages

This section contains IRDP messages.

IRDP_EXCEED_ADVADDR_LIMIT

Message text	The number of advertisement addresses on interface [STRING] exceeded the limit 255.
Variable fields	$1: Interface name.
Severity level	6
Example	IRDP/6/IRDP_EXCEED_ADVADDR_LIMIT: The number of advertisement addresses on interface Ethernet1/1/0/2 exceeded the limit 255.
Explanation	The number of addresses to be advertised on an interface exceeds the upper limit.
Recommended action	Remove unused addresses on the interface.

IRF

This section contains IRF messages.

IRF_LINK_BLOCK

Message text	IRF port went blocked.
Variable fields	N/A
Severity level	2
Example	IRF/2/IRF_LINK_BLOCK: IRF port went blocked.
Explanation	The IRF port was blocked. A blocked IRF port cannot send and receive service packets, but it can send and receive IRF protocol packets. For example, this message appears on the member device that has the lower priority when an IRF member ID conflict is detected for member devices.
Recommended action	Check the IRF member ID on each member device for any conflict, and change the IRF member IDs of member devices to be unique.

IRF_LINK_DOWN

Message text	IRF port went down.
Variable fields	N/A
Severity level	3
Example	IRF/3/IRF_LINK_DOWN: IRF port went down.
Explanation	The IRF port went down.
Recommended action	Verify the following items: · Network interfaces have been bound to the IRF port. · The IRF network interfaces and the peer interfaces have Layer 2 connectivity.

IRF_LINK_UP

Message text	IRF port came up.
Variable fields	N/A
Severity level	6
Example	IRF/6/IRF_LINK_UP: IRF port came up.
Explanation	The IRF port came up.
Recommended action	No action is required.

IRF_MEMBER_LEFT

Message text	Member [STRING] left the IRF fabric.
Variable fields	$1: IRF member ID of the device.
Severity level	4
Example	IRF/4/IRF_MEMBER_LEFT: Member 2 left the IRF fabric.
Explanation	This message occurs when a member device left the IRF fabric.
Recommended action	No action is required.

IRF_MEMBERID_CONFLICT

Message text	IRF member ID conflict occurred. The ID [UINT32] has been used for another device with CPU-Mac: [STRING].
Variable fields	$1: IRF member ID of the device. $2: CPU MAC address of the device.
Severity level	4
Example	IRF/4/IRF_MEMBERID_CONFLICT:-slot = 5; IRF member ID conflict occurred, The ID 5 has been used for another device with CPU-Mac: 000c-29d7-c1ae.
Explanation	This message occurs when the device detects that it has the same IRF member ID as another device in the same broadcast domain.
Recommended action	Check the IRF member IDs and change the IRF member ID of a device. Make sure the member devices use unique member IDs.

IRF_MEMBERID_CONFLICT_REBOOT

Message text	IRF member ID conflict. For the device to join the IRF fabric,please change the device member ID to a unique one among all the IRF member devices and reboot the device.
Variable fields	N/A
Severity level	4
Example	IRF/4/IRF_MEMBERID_CONFLICT_REBOOT: IRF member ID conflict. For the device to join the IRF fabric,please change the device member ID to a unique one among all the IRF member devices and reboot the device.
Explanation	This message occurs if the device fails to join an IRF fabric because it is using the same member ID as another IRF member device. In this situation, the network ports on the device will be blocked until it re-joins the IRF fabric with a unique member ID.
Recommended action	1. Log in to the device that displayed this message. 2. Change the member ID of the device to a unique one. 3. Reboot the device to re-join the IRF fabric.

IRF_MERGE

Message text	IRF merge occurred.
Variable fields	N/A
Severity level	4
Example	IRF/4/IRF_MERGE: IRF merge occurred.
Explanation	IRF merge occurred.
Recommended action	No action is required.

IRF_MERGE_NEED_REBOOT

Message text	IRF merge occurred. This IRF system needs a reboot.
Variable fields	N/A
Severity level	4
Example	IRF/4/IRF_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot.
Explanation	IRF merge occurred. This IRF fabric needs a reboot to complete the IRF merge because the master of this IRF fabric failed the master election for IRF merge.
Recommended action	Reboot the IRF fabric to complete the IRF merge.

IRF_MERGE_NOT_NEED_REBOOT

Message text	IRF merge occurred. This IRF system does not need to reboot.
Variable fields	N/A
Severity level	5
Example	IRF/5/IRF_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot.
Explanation	IRF merge occurred. This IRF fabric does not need to reboot because the master of this IRF fabric won the master election for IRF merge.
Recommended action	No action is required.

IRF_NEWMEMBER_JOIN

Message text	Member [STRING] joined the IRF fabric.
Variable fields	$1: IRF member ID of the device.
Severity level	4
Example	IRF/4/IRF_NEWMEMBER_JOIN: Member 2 joined the IRF fabric.
Explanation	This message occurs when a member device joined the IRF fabric.
Recommended action	No action is required.

ISIS messages

This section contains IS-IS messages.

ISIS_MEM_ALERT

Message text	ISIS Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	ISIS/5/ISIS_MEM_ALERT: ISIS Process received system memory alert start event.
Explanation	IS-IS received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

ISIS_NBR_CHG

Message text	IS-IS [UINT32], [STRING] adjacency [STRING] [STRING], state changed to [STRING].
Variable fields	$1: IS-IS process ID. $2: Neighbor level. $3: Neighbor ID. $4: Interface name. $5: Current adjacency state, which can be DOWN, UP, or INIT.
Severity level	5
Example	ISIS/5/ISIS_NBR_CHG: IS-IS 1, Level-1 adjacency 0000.0000.8888 (Eth1/4/1/3), state changed to DOWN.
Explanation	The IS-IS adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes to down on an interface, check for IS-IS configuration errors and loss of network connectivity.

ISSU messages

This section contains ISSU messages.

ISSU_ROLLBACKCHECKNORMAL

Message text	The rollback might not be able to restore the previous version for [STRING] because the status is not normal.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	4
Example	ISSU/4/ISSU_ROLLBACKCHECKNORMAL: The rollback might not be able to restore the previous version for chassis 1 slot 2 because the state is not normal.
Explanation	While an ISSU was in switching state, a user executed the issu rollback command or the ISSU automatic-rollback timer expired. However, the status of the MPU was not normal.
Recommended action	No action is required.

ISSU_SWITCHOVER

Message text	Switchover completed on [STRING].
Variable fields	Pattern 1: $1: String the device or the name of an MDC or context. Pattern 2: $1: A string that indicates the slot number, CPU number, and MDC or context name. Pattern 3: $1: A string that indicates the chassis number, slot number, CPU number, and MDC or context name. The CPU number in this message is the number of a CPU on an extended module. It may not be the default CPU number. Support for the CPU number, MDC name, and context name depends on the device model.
Severity level	5
Example	Pattern 1: ISSU/5/ISSU_SWITCHOVER: Switchover completed on the device. Pattern 2: ISSU/5/ISSU_SWITCHOVER: Switchover completed on slot 1 CPU 1 in context a. Pattern 3: ISSU/5/ISSU_SWITCHOVER: Switchover completed on chassis 2 slot 3 in MDC a.
Explanation	A switchover was completed on the device or a slot. If MDCs or contexts are running on the device or slot, a switchover is completed only if the switchover is completed on all MDCs or contexts.
Recommended action	No action is required.

ISSU_UPGRADE

Message text	Upgrade completed on [STRING].
Variable fields	Pattern 1: $1: String the device or the name of an MDC or context. Pattern 2: $1: A string that indicates the slot number, CPU number, and MDC or context name. Pattern 3: $1: A string that indicates the chassis number, slot number, CPU number, and MDC or context name. The CPU number in this message is the number of a CPU on an extended module. It may not be the default CPU number. Support for the CPU number, MDC name, and context name depends on the device model.
Severity level	5
Example	Pattern 1: ISSU/5/ISSU_UPGRADE: Upgrade completed on the device. Pattern 2: ISSU/5/ISSU_UPGRADE: Upgrade completed on slot 1 CPU 1 in context a. Pattern 3: ISSU/5/ISSU_UPGRADE: Upgrade completed on chassis 2 slot 3 in MDC a.
Explanation	An ISSU was completed on the device or a slot. If MDCs or contexts are running on the device or slot, an ISSU is completed only if the ISSU is completed on all MDCs or contexts.
Recommended action	No action is required.

KDNS messages

This section contains KDNS messages.

KDNS_BIND_PORT_ALLOCETED

Message text	Failed to bind UDP [STRING] connection port [NUMBER] to VPN instance [STRING] for the DNS listener because the port has already been allocated.
Variable fields	$1: UDP port type: · IPv4 · IPv6 $2: UDP port number. $3: VPN instance name.
Severity level	3
Example	KDNS/3/KDNS_BIND_PORT_ALLOCETED: -MDC=1; Failed to bind UDP IPv4 connection port 53 to VPN instance vpn1 for the DNS listener because the port has already been allocated.
Explanation	The system failed to bind a UDP port to a DNS listener because the port has been used.
Recommended action	Bind a UDP port that has not been used.

KHTTP messages

This section contains KHTTP messages.

KHTTP_BIND_PORT_ALLOCETED

Message text	Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the port was already allocated.
Variable fields	$1: IP address. $2: Port number. $3: Index of a VPN instance.
Severity level	3
Example	KHTTP/3/KHTTP_BIND_PORT_ALLOCETED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the port was already allocated.
Explanation	Failed to bind an IP address and a port number to a VPN instance because the port number was already allocated.
Recommended action	1. Display port information by executing the display tcp-proxy port-info or display ipv6 tcp-proxy port-info command. 2. Rebind the TCP connection to the VPN instance by using an available port number.

KHTTP_BIND_ADDRESS_INUSED

Message text	Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the address was already used.
Variable fields	$1: IP address. $2: Port number. $3: Index of a VPN instance.
Severity level	3
Example	KHTTP/3/KHTTP_BIND_ADDRESS_INUSED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the address was already used.
Explanation	Failed to bind an IP address and a port number to a VPN instance because the IP address was already used and cannot be reused.
Recommended action	1. Display IP address information by executing the display tcp-proxy command. 2. Rebind the TCP connection to the VPN instance by using an unused or a reusable IP address.

L2PT messages

This section contains L2PT messages.

L2PT_SET_MULTIMAC_FAILED

Message text	Failed to set a tunnel destination MAC address to [MAC].
Variable fields	$1: MAC address.
Severity level	4
Example	L2PT/4/L2PT_SET_MULTIMAC_FAILED: Failed to set a tunnel destination MAC address to 010f-e200-0003.
Explanation	Failed to specify the destination multicast MAC address for tunneled packets.
Recommended action	No action is required.

L2PT_CREATE_TUNNELGROUP_FAILED

Message text	Failed to create a VLAN tunnel group for [STRING].
Variable fields	$1: Protocol name.
Severity level	4
Example	L2PT/4/L2PT_CREATE_TUNNELGROUP_FAILED: Failed to create a VLAN tunnel group for STP.
Explanation	Failed to create a VLAN tunnel group for a protocol.
Recommended action	No action is required.

L2PT_ADD_GROUPMEMBER_FAILED

Message text	Failed to add [STRING] as a member to the VLAN tunnel group for [STRING].
Variable fields	$1: Interface name. $2: Protocol name.
Severity level	4
Example	L2PT/4/L2PT_ADD_GROUPMEMBER_FAILED: Failed to add GigabitEthernet2/0/1 as a member to the VLAN tunnel group for STP.
Explanation	Failed to add an interface to a VLAN tunnel group for a protocol.
Recommended action	No action is required.

L2PT_ENABLE_DROP_FAILED

Message text	Failed to enable [STRING] packet drop on [STRING].
Variable fields	$1: Protocol name. $2: Interface name.
Severity level	4
Example	L2PT/4/L2PT_ENABLE_DROP_FAILED: Failed to enable STP packet drop on GigabitEthernet2/0/1.
Explanation	Failed to enable L2PT drop for a protocol on an interface.
Recommended action	No action is required.

L2TPv2 messages

This section contains L2TPv2 messages.

L2TPV2_TUNNEL_EXCEED_LIMIT

Message text	Number of L2TP tunnels exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit.
Explanation	The number of established L2TP tunnels has reached the limit.
Recommended action	1. Perform one of the following tasks: ¡ Execute the reset l2tp tunnel command to disconnect an idle tunnel. ¡ Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses. 2. If the problem persists, contact H3C for support.

L2TPV2_SESSION_EXCEED_LIMIT

Message text	Number of L2TP sessions exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit.
Explanation	The number of established L2TP sessions has reached the limit.
Recommended action	No action is required.

L2VPN messages

This section contains L2VPN messages.

L2VPN_BGPVC_CONFLICT_LOCAL

Message text	Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with local site.
Variable fields	$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site.
Severity level	5
Example	L2VPN/5/L2VPN_BGPVC_CONFLICT_LOCAL: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with local site.
Explanation	A remote site ID conflicted with the local site ID. This message is generated when one of the following situations occurs: · The received remote site ID is the same as the local site ID. · The local site ID is configured the same as a received remote site ID.
Recommended action	Modify the site ID configuration on the local device or remote device. Or, configure the remote site ID in a different VPLS instance than the local site ID.

L2VPN_BGPVC_CONFLICT_REMOTE

Message text	Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with another remote site.
Variable fields	$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site.
Severity level	5
Example	L2VPN/5/L2VPN_BGPVC_CONFLICT_REMOTE: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with another remote site.
Explanation	Two remote site IDs conflicted. This message is generated when the received remote site ID is the same as another received remote site ID.
Recommended action	Modify the site ID configuration on one remote device. Or, configure the two remote site IDs in different VPLS instances.

L2VPN_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for L2VPN.
Variable fields	N/A
Severity level	4
Example	L2VPN/4/L2VPN_HARD_RESOURCE_NOENOUGH: No enough hardware resource for L2VPN.
Explanation	Hardware resources for L2VPN were insufficient.
Recommended action	Check whether unnecessary VSIs, PWs, or ACs had been generated. If yes, delete them.

L2VPN_HARD_RESOURCE_RESTORE

Message text	Hardware resources for L2VPN are restored.
Variable fields	N/A
Severity level	6
Example	L2VPN/6/L2VPN_HARD_RESOURCE_RESTORE: Hardware resources for L2VPN are restored.
Explanation	Hardware resources for L2VPN were restored.
Recommended action	No action is required.

L2VPN_LABEL_DUPLICATE

Message text	Incoming label [INT32] for a static PW in [STRING] [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Type of L2VPN, Xconnect-group or VSI. $3: Name of the Xconnect-group or VSI.
Severity level	4
Example	L2VPN/4/L2VPN_LABEL_DUPLICATE: Incoming label 1024 for a static PW in Xconnect-group aaa is duplicate.
Explanation	The incoming label of a static PW in this Xconnect-group or VSI was occupied by another configuration, for example, by a static LSP or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static PW with an incoming label which is occupied by another configuration. · Enable MPLS when a static PW whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static PW, and reconfigure it with another incoming label.

LAGG messages

This section contains link aggregation messages.

LAGG_ACTIVE

Message text	Member port [STRING] of aggregation group [STRING] changed to the active state.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_ACTIVE: Member port GE1/0/1 of aggregation group BAGG1 changed to the active state.
Explanation	A member port in an aggregation group changed to the Selected state.
Recommended action	No action is required.

LAGG_INACTIVE_AICFG

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_AICFG: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations.
Recommended action	Modify the attribute configurations of the member port to be consistent with the aggregate interface.

LAGG_INACTIVE_BFD

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port was down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_BFD: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the BFD session on the port became down.
Recommended action	To resolve the problem, you can perform the following tasks: · Verify that link failure has occurred and troubleshoot the failure. · Modify the port information and configuration for the port to have the same operational key and attribute configuration as the reference port.

LAGG_INACTIVE_CONFIGURATION

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different aggregation configuration.
Recommended action	No action is required.

LAGG_INACTIVE_DUPLEX

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_DUPLEX: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Explanation	A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port.
Recommended action	Change the duplex mode of the member port to be the same as the reference port.

LAGG_INACTIVE_HARDWAREVALUE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction.
Explanation	A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction.
Recommended action	No action is required.

LAGG_INACTIVE_LOWER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports is below the lower limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of active ports is below the lower limit.
Explanation	A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached.
Recommended action	Make sure the minimum number of Selected ports is met.

LAGG_INACTIVE_PARTNER

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PARTNER: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state.
Recommended action	No action is required.

LAGG_INACTIVE_PHYSTATE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical state of the port is down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the physical state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the port went down.
Recommended action	Bring up the member port.

LAGG_INACTIVE_RESOURCE_INSUFICIE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because all aggregate resources are occupied.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because all aggregate resources are occupied.
Explanation	A member port in an aggregation group changed to the Unselected state because all aggregation resources were used.
Recommended action	No action is required.

LAGG_INACTIVE_SPEED

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_SPEED: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port.
Recommended action	Change the speed of the member port to be the same as the reference port.

LAGG_INACTIVE_UPPER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports has reached the upper limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_UPPER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of active ports has reached the upper limit.
Explanation	The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group.
Recommended action	No action is required.

LB messages

This section contains LB messages.

DNS_PROXY_SCHED (fast log output)

Message text	Form 1: SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];SNDVPNINSTANCE(1043)=[STRING];DNSProxyPort(1188)=[UINT16];Class(1184)=[STRING];Fwdmode(1185)=[STRING];Schedule(1195)=[STRING];DNSServerPool(1189)=[STRING];Predictor(1193)=[STRING];Link(1187)=[STRING];RouterIfName(1188)=[STRING];DNSServer(1192)=[STRING];DNSServerIP(1191)=[STRING];DNSServerPort(1192)=[UINT16]. Form 2: Failed to schedule: SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];SNDVPNINSTANCE(1043)=[STRING];DNSProxyPort(1188)=[UINT16];Class(1184)=[STRING];Fwdmode(1185)=[STRING];Schedule(1195)=[STRING];DNSServerPool(1189)=[STRING];Predictor(1193)=[STRING];Link(1187)=[STRING];RouterIfName(1188)=[STRING];DNSServer(1192)=[STRING];DNSServerIP(1191)=[STRING];DNSServerPort(1192)=[UINT16].
Variable fields	$1: Source IP address of the DNS request. $2: Source port number of the DNS request. $3: Destination IP address of the DNS request. $4: Destination port number of the DNS request. $5: VPN instance name. $6: Port number of the transparent DNS proxy. $7: LB class. If no LB class exists or is matched, the value is none. $8: Forwarding action: ¡ drop. ¡ forward. ¡ loadbalance. ¡ skip. ¡ none—No action is matched. $9: Scheduling mode: ¡ sticky method. ¡ predictor. ¡ If no scheduling mode is matched, nothing is displayed. $10: DNS server pool name. $11: Scheduling algorithm. $12: Link associated with the DNS server. If the link fails, the value is none. $13: Output interface of the link. If the link fails, the value is none. $14: DNS server name. $15: IP address of the DNS server. If the DNS server fails, the value is none. $16: Port number of the DNS server. If the DNS server fails, the value is none.
Severity level	6
Example	Form 1: LB/6/DNS_PROXY_SCHED: SrcIPAddr(1003)=188.100.0.25;SrcPort(1004)=60073;DstIPAddr(1007)=187.44.2.23;DstPort(1008)=53;SNDVPNINSTANCE(1043)=0;DNSProxyPort(1188)=80;Class(1184)=c1;Fwdmode(1185)=loadbalance;Schedule=sticky method;DNSServerPool(1189)=dsp1;Link(1187)=lk1;RouterIfName(1188)=dialer0;DNSServer(1192)=ds1;DNSServerIP(1191)=192.168.7.133;DNSServerPort(1192)=53. Form 2: LB/6/DNS_PROXY_SCHED: Failed to schedule: SrcIPAddr(1003)=188.100.0.25;SrcPort(1004)=60073;DstIPAddr(1007)=187.44.2.23;DstPort(1008)=53;SNDVPNINSTANCE(1043)=0;DNSProxyPort(1188)=80;Class(1184)=c1;Fwdmode(1185)=loadbalance;Schedule=predictor;DNSServerPool(1189)=dsp1;Predictor(1193)=RR;Link(1187)=lk1;RouterIfName(1188)=dialer0;DNSServer(1192)=ds1;DNSServerIP(1191)=none;DNSServerPort(1192)=none.
Explanation	Form 1: This message is generated when transparent DNS proxy is performed successfully. Form 2: This message is generated when transparent DNS proxy fails to be performed.
Recommended action	No action is required.

INBOUND_LLB_SCHED (fast log output)

Message text	DNS request:SrcIPAddr=[STRING];SrcPort=[UINT16];DstIPAddr=[STRING];DstPort=[UINT16];VPN=[STRING];queried domain name:[STRING] (packet type=[STRING]);DNS mapping=[STRING];virtual server pool:name=[STRING];predictor=[STRING] (priority=[STRING]);DNS response: IPAddr=[STRING].
Variable fields	$1: Source IP address of the DNS request. $2: Source port number of the DNS request. $3: Destination IP address of the DNS request. $4: Destination port number of the DNS request. $5: VPN instance name. $6: Requested domain name in the DNS request. $7: Type of the DNS request. $8: DNS mapping name. $9: Virtual server pool name. $10: Scheduling algorithm of the virtual server pool. $11: Priority of the scheduling algorithm of the virtual server pool. $12: IP address of the DNS response.
Severity level	6
Example	LB/6/INBOUND_LLB_SCHED: DNS request:SrcIPAddr=188.100.0.25;SrcPort=60073;DstIPAddr=187.44.2.23;DstPort=53;VPN=0;queried domain name:1.com(packet type=A);DNS mapping=dm;virtual server pool: name=vsp;predictor=RR(priority=Preferred);DNS response: IPAddr=3.4.5.6.
Explanation	This message is generated when inbound link load balancing is performed successfully.
Recommended action	No action is required.

INBOUND_LLB_SCHED_FAILURE (fast log output)

Message text	[STRING] a DNS request:SrcIPAddr=[STRING];SrcPort=[UINT16];DstIPAddr=[STRING];DstPort=[UINT16];VPN=[STRING];queried domain name:[STRING] (packet type=[STRING]).
Variable fields	$1: Failure action: ¡ Dropped. ¡ Responded through the DNS proxy. ¡ Rejected—Replies with a DNS reject packet. $2: Source IP address of the DNS request. $3: Source port number of the DNS request. $4: Destination IP address of the DNS request. $5: Destination port number of the DNS request. $6: VPN instance name. $7: Requested domain name in the DNS request. $8: Type of the DNS request.
Severity level	6
Example	LB/6/INBOUND_LLB_SCHED_FAILURE: Rejected a DNS request:SrcIPAddr=190.44.0.60;SrcPort=61701;DstIPAddr=191.44.0.1;DstPort=53;VPN=; queried domain name:2.com(packet type=A).
Explanation	This message is generated when inbound link load balancing fails to be performed.
Recommended action	No action is required.

LB_CHANGE_DEFAULTLG_STATE_VS

Message text	The state of link group associated with virtual server [STRING] was changed, primary link group is [STRING], backup link group is [STRING], current link group is [STRING].
Variable fields	$1: Virtual server name. $2: Primary link group name. $3: Backup link group name. $4: Current link group name.
Severity level	5
Example	LB/5/LB_CHANGE_DEFAULTLG_STATE_VS: -Context=1; The state of link group associated with virtual server VS was changed, primary link group is MF, backup link group is BF, current link group is CF.
Explanation	The state of the link group associated with a virtual server changed.
Recommended action	Check whether the availability criteria setting for the link group is changed. If the setting is not changed, check the network environment and link state.

LB_CHANGE_DEFAULTSF_STATE_VS

Message text	The state of server farm associated with virtual server [STRING] was changed, primary server farm is [STRING], backup server farm is [STRING], current server farm is [STRING].
Variable fields	$1: Virtual server name. $2: Primary server farm name. $3: Backup server farm name. $4: Current server farm name.
Severity level	5
Example	LB/5/LB_CHANGE_DEFAULTSF_STATE_VS: The state of server farm associated with virtual server VS was changed, primary server farm is MF, backup server farm is BF, current server farm is CF.
Explanation	The state of the server farm associated with a virtual server changed.
Recommended action	Check whether the availability criteria setting for the server farm is changed. If the setting is not changed, check the network environment and real server state.

LB_CHANGE_DS_HCSTATUS

Message text	The health state of DNS server [STRING] was changed to [STRING]. Last state was kept for [ULONG] seconds.
Variable fields	$1: DNS server name. $2: Health state of the link: Active or Inactive. $3: Duration for a state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_DS_HCSTATUS: The health state of DNS server DS was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a DNS server changed, and the DNS server had stayed in the previous state for a number of seconds.
Recommended action	Check the network environment and DNS server state when the health state of a DNS server is inactive.

LB_CHANGE_DS_PROBERESULT

Message text	The probe result of DNS server [STRING] template [STRING] was changed to [STRING].
Variable fields	$1: DNS server name. $2: Name of the NQA template used by the health monitoring method. $3: Health monitoring result: Successful or Failed.
Severity level	5
Example	LB/5/LB_CHANGE_DS_PROBERESULT: The probe state of DNS server DS template ICMP was changed to Successful.
Explanation	The health monitoring result for a DNS server changed.
Recommended action	Check the network environment and DNS server state if the health monitoring result for a DNS server is Failed.

LB_CHANGE_DSQUOTE_HCSTATUS

Message text	The health state of (DNS server pool [STRING], DNS server pool member [STRING], port: [USHORT]) was changed to [STRING]. Last state was kept for [ULONG] seconds.
Variable fields	$1: DNS server pool name. $2: DNS server name. $3: Port number. $4: Health state of the link: Active or Inactive. $5: Duration for a state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_DSQUOTE_HCSTATUS: The health state of (DNS server pool dp, DNS server ds, port:33) was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a DNS server pool member changed, and the DNS server pool member had stayed in the previous state for a number of seconds.
Recommended action	Check the network environment and member state when the health state of a DNS server pool member is inactive.

LB_CHANGE_DSQUOTE_PROBERESULT

Message text	The probe state of (DNS server pool [STRING], DNS server pool member [STRING], port: [USHORT]) template [STRING] was changed to [STRING].
Variable fields	$1: DNS server pool name. $2: DNS server name. $3: Port number. $4: Health monitoring result: Successful or Failed. $5: Duration for a state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_DSQUOTE_PROBERESULT: The probe state of (DNS server pool SF, DNS server pool member ds, port: 20) template TEMPLATE was changed to Successful.
Explanation	The health monitoring result for a DNS server pool member changed.
Recommended action	Check the network environment and member state if the health monitoring result for a DNS server pool member is Failed.

LB_CHANGE_LG_STATE_ACTION

Message text	The state of link group associated with action [STRING] was changed, primary link group is [STRING], backup link group is [STRING], current link group is [STRING].
Variable fields	$1: LB action name. $2: Primary link group name. $3: Backup link group name. $4: Current link group name.
Severity level	5
Example	LB/5/LB_CHANGE_LG_STATE_ACTION: The state of link group associated with action ACT was changed, primary link group is MF, backup link group is BF, current link group is CF.
Explanation	The state of the link group associated with an LB action changed.
Recommended action	Check whether the availability criteria setting for the link group is changed. If the setting is not changed, check the network environment and link state.

LB_CHANGE_LG_STATUS

Message text	The number of available links in link group [STRING] reached the [STRING] percentage ([STRING]).
Variable fields	$1: Link group name. $2: Percentage type, upper or lower. $3: Percentage value. The value 0% means that no percentage value is configured.
Severity level	5
Example	LB/5/LB_CHANGE_LG_STATUS: The number of available links in link group lg1 reached the upper percentage (90%).
Explanation	This message is generated when the number of available links in a link group reaches the upper or lower percentage value.
Recommended action	Check the network environment and link state when the number of available links in a link group reaches the lower percentage value.

LB_CHANGE_LINK_BUSY_STATUS

Message text	The busy state of link [STRING] was changed to [STRING].
Variable fields	$1: Link name. $2: Link busy state: Busy or Normal.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_BUSYSTATUS: The busy state of link LINK was changed to Normal.
Explanation	The busy state of a link changed.
Recommended action	No action is required.

LB_CHANGE_LINK_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of link [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Number of connections on the link.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of link LINK was 100, which had reached the upper limit.
Explanation	The number of connections on a link reached the upper limit.
Recommended action	Check whether the maximum number of connections set by using the connection-limit max command is proper if this message is generated frequently. If the set value is proper, expand the link capacity.

LB_CHANGE_LINK_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of link [STRING] was [UINT] per second, which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Connection establishment rate on the link.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_CONNRATE_OVER: Chassis:0,Slot:1,CPU:1.The connection rate of link LINK was 100 per second, which had reached the upper limit.
Explanation	The connection establishment rate on a link reached the upper limit.
Recommended action	Check whether the maximum connection establishment rate set by using the rate-limit connection command is proper if this message is generated frequently. If the set value is proper, expand the link capacity.

LB_CHANGE_LINK_HCSTATUS

Message text	The health state of link [STRING] was changed to [STRING]. Last state was kept for [STRING] seconds.
Variable fields	$1: Link name. $2: Health state of the link: Active or Inactive. $3: Duration for the previous state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_HCSTATUS: The health state of link LINK was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a link changed, and the link stayed in the previous state for a number of seconds.
Recommended action	Check the network environment and link state when the health state of a link is inactive.

LB_CHANGE_LINK_MEMORY_ALERT

Message text	LB link can't start proximity to probe because memory threshold has been exceeded.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_CHANGE_LINK_MEMORY_ALERT: LB link can't start proximity to probe because memory threshold has been exceeded.
Explanation	The device failed to execute a proximity probe because the memory threshold had been exceeded.
Recommended action	Check the memory usage.

LB_CHANGE_LINK_PROBERESULT

Message text	The probe state of link [STRING] template [STRING] was changed to [STRING].
Variable fields	$1: Link name. $2: Name of the NQA template used by the health monitoring method. $3: Health monitoring result: Successful or Failed.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_PROBERESULT: The probe state of link CNC template ICMP was changed to Successful.
Explanation	The health monitoring result for a link changed.
Recommended action	Check the network environment and link state if the health monitoring result for a link is Failed.

LB_CHANGE_LINK_SHUTDOWN

Message text	Chassis: [ChassisID],Slot: [SlotID],CPU: [CPUID]. The state of link [STRING] changed to down.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_SHUTDOWN: Chassis: 1,Slot: 2,CPU: 1. The state of link LINK changed to down.
Explanation	The state of a link changed to down.
Recommended action	Check the network environment and link state.

LB_CHANGE_LINKQUOTE_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID]. The number of connections of link group member ([STRING]-[STRING]) was [USHORT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link group name. $5: Link name. $6: Number of connections.
Severity level	5
Example	LB/5/LB_CHANGE_LINKQUOTE_CONNNUM_OVER: Chassis:1,Slot:1,CPU:1]. The number of connections of link group member (LG- LINK) was 80, which had reached the upper limit.
Explanation	The number of connections on a link member reached the upper limit.
Recommended action	Check the network environment and link member state.

LB_CHANGE_LINKQUOTE_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID]. The connection rate of link group member ([STRING]-[STRING]) was [USHORT] per second, which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link group name. $5: Link name. $6: Connection rate.
Severity level	5
Example	LB/5/LB_CHANGE_LINKQUOTE_CONNRATE_OVER: Chassis:1,Slot:1,CPU:2. The connection rate of link group member (LG-LINK) was 80 per second, which had reached the upper limit.
Explanation	The connection rate on a link member reached the upper limit.
Recommended action	Check the network environment and link member state.

LB_CHANGE_LINKQUOTE_HCSTATUS

Message text	The health state of (link group [STRING], link [STRING]) was changed to [STRING]. Last state was kept for [ULONG] seconds.
Variable fields	$1: Link group name. $2: Link name. $3: Health state of the link: Active or Inactive. $4: Duration for the previous state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_LINKQUOTE_HCSTATUS: The health state of (link group LG, link LINK) was changed to Active. Last state was kept for 200 seconds.
Explanation	The health state of a link group member changed.
Recommended action	Check the network environment and link member state when the health monitoring result changed to Inactive.

LB_CHANGE_LINKQUOTE_PROBERESULT

Message text	The probe state of (link group [STRING], link [STRING]) template [STRING] was changed to [STRING].
Variable fields	$1: Link group name. $2: Link name. $3: Probe template name. $4: Health monitoring result: Successful or Failed.
Severity level	5
Example	LB/5/LB_CHANGE_LINKQUOTE_PROBERESULT: The probe state of (link group LG, link LINK) template TEMPLATE was changed to Successful.
Explanation	The health monitoring result of a link member changed.
Recommended action	Check the network environment and link member state when the health monitoring result changed to Failed.

LB_CHANGE_READ_WRITE_STATE_VS

Message text	The state of server farm associated with virtual server [STRING] was changed, read server farm is [STRING], write server farm is [STRING], current read-write server farm is [STRING].
Variable fields	$1: Virtual server name. $2: Read server farm name. $3: Write server farm name. $4: Health state of the server farms: Active or Inactive.
Severity level	5
Example	LB/5/ LB_CHANGE_READ_WRITE_STATE_VS: The state of server farm associated with virtual server vs was changed, read server farm is rsr, write server farm is rsw, current read-write server farm is Active.
Explanation	The health state of the read and write server farms changed.
Recommended action	No action is required.

LB_CHANGE_RS_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of real server [STRING] was [UINT] per second, which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Number of connections on the real server.
Severity level	5
Example	LB/5/LB_CHANGE_RS_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of real server RS was 100 per second, which had reached the upper limit.
Explanation	The number of connections on a real server reached the upper limit.
Recommended action	Check whether the maximum number of connections set by using the connection-limit max command is proper if this message is generated frequently. If the set value is proper, expand the real server capacity.

LB_CHANGE_RS_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of real server [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Connection establishment rate on the real server.
Severity level	5
Example	LB/5/LB_CHANGE_RS_CONNRATE_OVER: Chassis:0,Slot:1,CPU:1.The connection rate of real server RS was 100, which had reached the upper limit.
Explanation	The connection establishment rate on a real server reached the upper limit.
Recommended action	Check whether the maximum connection establishment rate set by using the rate-limit connection command is proper if this message is generated frequently. If the set value is proper, expand the real server capacity.

LB_CHANGE_RS_HCSTATUS

Message text	The health state of real server [STRING] was changed to [STRING]. Last state was kept for [STRING] seconds.
Variable fields	$1: Real server name. $2: Health state of the real server: Active or Inactive. $3: Duration for a state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_RS_HCSTATUS: The health state of real server RS was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a real server changed, and the real server stayed in the previous state for a number of seconds.
Recommended action	Check the network environment and real server state when the health state of a real server is inactive.

LB_CHANGE_RS_MEMORY_ALERT

Message text	LB can't start template [STRING] to probe because memory threshold has been exceeded.
Variable fields	$1: Probe template name.
Severity level	5
Example	LB/5/LB_CHANGE_RS_MEMORY_ALERT: LB can't start template TEMPLATE1 to probe because memory threshold has been exceeded.
Explanation	The device failed to execute a probe template for health monitoring because the memory severe threshold had been exceeded.
Recommended action	Check the memory usage.

LB_CHANGE_RS_MONITORRESULT

Message text	The state of (server farm [STRING], server farm member [STRING], port: [UINT16]) monitored by probe template [STRING] was changed to [STRING].
Variable fields	$1: Server farm name. $2: Server farm member name. $3: Port number. $4: Probe template name. $5: Probe result: Normal, Busy, or Auto shutdown.
Severity level	5
Example	LB/5/LB_CHANGE_RS_MONITORRESULT: The state of (server farm sf, server farm member rs, port:1) monitored by probe template rst was changed to Auto shutdown
Explanation	The health state of a server farm member changed.
Recommended action	No action is required.

LB_CHANGE_RS_PROBERESULT

Message text	The probe result of real server [STRING] template type [STRING] name [STRING] was changed to [STRING].
Variable fields	$1: Real server name. $2: Type of the NQA template used by the health monitoring method. $3: Name of the NQA template used by the health monitoring method. $4: Health monitoring result: Successful or Failed.
Severity level	5
Example	LB/5/LB_CHANGE_RS_PROBERESULT: The probe state of real server RS template type ICMP name t1 was changed to Successful.
Explanation	The health monitoring result for a real server changed.
Recommended action	Check the network environment and real server state if the health monitoring result for a real server is Failed.

LB_CHANGE_RS_SHUTDOWN

Message text	Chassis: [ChassisID],Slot: [SlotID],CPU: [CPUID]. The state of real server [STRING] changed to down.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name.
Severity level	5
Example	LB/5/LB_CHANGE_RS_SHUTDOWN: Chassis: 1,Slot: 1,CPU: 2. The state of real server RS changed to down.
Explanation	The state of a real server changed to down.
Recommended action	Check the network environment and real server state.

LB_CHANGE_RSQUOTE_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID]. The number of connections of server farm member ([STRING]-[STRING]-[USHORT]) was [USHORT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Server farm name. $5: Real server name. $6: Port number. $7: Number of connections.
Severity level	5
Example	LB/5/LB_CHANGE_RSQUOTE_CONNNUM_OVER: Chassis:1,Slot:1,CPU:2. The number of connections of server farm member (SF-RS-1) was 80, which had reached the upper limit.
Explanation	The number of connections on a server farm member reached the upper limit.
Recommended action	Check the network environment and server farm member state.

LB_CHANGE_RSQUOTE_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of server farm member ([STRING]-[STRING]-[USHORT]) was [USHORT] per second, which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Server farm name. $5: Real server name. $6: Port number. $7: Connection rate.
Severity level	5
Example	LB/5/LB_CHANGE_RSQUOTE_CONNRATE_OVER: Chassis:1,Slot:2,CPU:1.The connection rate of server farm member (SF-RS-66) was 80 per second, which had reached the upper limit.
Explanation	The connection rate on a server farm member reached the upper limit.
Recommended action	Check the network environment and server farm member state.

LB_CHANGE_RSQUOTE_HCSTATUS

Message text	The health state of (server farm [STRING], server farm member [STRING],[STRING], port: [USHORT]) was changed to [STRING]. Last state was kept for [ULONG] seconds.
Variable fields	$1: Server farm name. $2: Real server name. $3: Real server address. $4: Port number. $5: Health state of the real server: Active or Inactive. $6: Duration for the previous state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_RSQUOTE_HCSTATUS: The health state of (server farm SF, server farm member RS,ipv4 address:192.168.17.1, port: 33) was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a server farm member changed.
Recommended action	Check the network environment and server farm member state when the health monitoring result changed to Inactive.

LB_CHANGE_RSQUOTE_PROBERESULT

Message text	The probe state of (server farm [STRING], server farm member [STRING],[STRING], port: [USHORT]) template [STRING] was changed to [STRING].
Variable fields	$1: Server farm name. $2: Real server name. $3: Real server address. $4: Port number. $5: Probe template name. $6: Health monitoring result: Successful or Failed.
Severity level	5
Example	LB/5/ LB_CHANGE_RSQUOTE_PROBERESULT: The probe state of (server farm SF, server farm member RS,ipv4 address:192.168.17.1, port: 20) template TEMPLATE was changed to Successful.
Explanation	The health state of a server farm member changed.
Recommended action	Check the network environment and server farm member state when the health monitoring result changed to Failed.

LB_CHANGE_SF_STATE_ACTION

Message text	The state of server farm associated with action [STRING] was changed, primary server farm is [STRING], backup server farm is [STRING], current server farm is [STRING].
Variable fields	$1: LB action name. $2: Primary server farm name. $3: Backup server farm name. $4: Current server farm name.
Severity level	5
Example	LB/5/LB_CHANGE_SF_STATE_ACTION: The state of server farm associated with action ACT was changed, primary server farm is MF, backup server farm is BF, current server farm is CF.
Explanation	The state of the server farm associated with an LB action changed.
Recommended action	Check whether the availability criteria setting for the server farm is changed. If the setting is not changed, check the network environment and real server state.

LB_CHANGE_SF_STATUS

Message text	The number of available real servers in server farm [STRING] reached the [STRING] percentage ([STRING]).
Variable fields	$1: Server farm name. $2: Percentage type, upper or lower. $3: Percentage value. The value 0% means that no percentage value is configured.
Severity level	5
Example	LB/5/LB_CHANGE_SF_STATUS: The number of available real servers in server farm sf1 reached the lower percentage (10%).
Explanation	This message is generated when the number of available real servers in a server farm reaches the upper or lower percentage value.
Recommended action	Check the network environment and server farm state when the number of available real servers in a server farm reaches the lower percentage value.

LB_CHANGE_VS_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of virtual server [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Number of connections on the virtual server.
Severity level	5
Example	LB/5/LB_CHANGE_VS_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of virtual server RS was 100, which had reached the upper limit.
Explanation	The number of connections on a virtual server reached the upper limit.
Recommended action	Check whether the maximum number of connections set by using the connection-limit max command is proper if this message is generated frequently. If the set value is proper, expand the capacity of real servers associated with the virtual server.

LB_CHANGE_VS_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of virtual server [STRING] was [UINT] per second, which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Connection establishment rate on the virtual server.
Severity level	5
Example	LB/5/LB_CHANGE_VS_CONNRATE_OVER: Chassis:0,Slot:1,CPU:1.The connection rate of virtual server VS was 100 per second, which had reached the upper limit.
Explanation	The connection establishment rate on a virtual server reached the upper limit.
Recommended action	Check whether the maximum connection establishment rate set by using the rate-limit connection command is proper if this message is generated frequently. If the set value is proper, expand the capacity of real servers associated with the virtual server.

LB_LINK_FLOW

Message text	SIP=[STRING], SPort=[STRING], DIP= [STRING], DPort= [STRING], Proto= [STRING], App= [STRING], Link= [STRING] ([STRING]). SIP=[STRING], SPort=[STRING], DIP= [STRING], DPort= [STRING], Proto= [STRING], App= [STRING], Domain= [STRING], Link= [STRING] ([STRING]).
Variable fields	$1: Source IP address. $2: Source port number. $3: Destination IP address. $4: Destination port number. $5: Protocol. $6: Application name. $7: Domain name. $8: Link name. $9: Outbound next-hop IP address.
Severity level	6
Example	LB/6/LB _LINK_FLOW: SIP=192.168.3.10, SPort=8090, DIP=3.3.3.3, DPort=80, Proto=TCP, App=general_tcp, Link= link1 (6.6.6.6). LB/6/LB _LINK_FLOW: SIP=192.168.3.11, SPort=8080, DIP=2.2.2.2, DPort=80, Proto=TCP, App=http, Domain= www.aaa.com, Link= link2 (6.6.6.2).
Explanation	This message is generated when traffic is forwarded over the link.
Recommended action	No action is required.

LB_LINK_RECOVERFORM_SHUTDOWN

Message text	Chassis: [ChassisID],Slot: [SlotID],CPU: [CPUID]. The shutdown state of link [STRING] changed to normal.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name.
Severity level	5
Example	LB/5/ LB_LINK_RECOVERFORM_SHUTDOWN: Chassis: 1,Slot: 2,CPU: 1. The shutdown state of link lk changed to normal.
Explanation	The link state changed from down to up.
Recommended action	No action is required.

LB_LINK_STATE_ACTIVE

Message text	The state of link [STRING] is active.
Variable fields	$1: Link name.
Severity level	5
Example	LB/5/LB_LINK_STATE_ACTIVE: -MDC=1; The state of link lk is active.
Explanation	This message is generated after an IP address is configured, the health monitoring succeeds, or the undo shutdown command is executed.
Recommended action	No action is required.

LB_LINK_STATE_INACTIVE

Message text	The state of link [STRING] is inactive.
Variable fields	$1: Link name.
Severity level	5
Example	LB_LINK_STATE_INACTIVE: -MDC=1; The state of link lk is inactive.
Explanation	This message is generated after an IP address is removed from an interface, the health monitoring result changes, or the shutdown command is executed.
Recommended action	Check the link configuration and health monitoring configuration.

LB_NAT44_FLOW

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT44_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=20.20.20.20;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv4 address is translated into another IPv4 address. This message can only be displayed by executing the display logbuffer command.
Recommended action	No action is required.

LB_NAT46_FLOW

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPv6Addr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPv6Addr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT46_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=20.20.20.1;SrcPort(1004)=1024;NATSrcIPv6Addr(1005)=2002::1;NATSrcPort(1006)=1024;DstIPAddr(1007)=30.30.30.1;DstPort(1008)=21;NATDstIPv6Addr(1009)=3002::1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv4 address is translated into an IPv6 address. This message can only be displayed by executing the display logbuffer command.
Recommended action	No action is required.

LB_NAT64_FLOW

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPv6Addr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT64_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1003)=1001::1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=20.20.20.1;NATSrcPort(1006)=1024;DstIPv6Addr(1007)=3001::1;DstPort(1008)=21;NATDstIPAddr(1009)=30.30.30.1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv6 address is translated into an IPv4 address. This message can only be displayed by executing the display logbuffer command.
Recommended action	No action is required.

LB_NAT66_FLOW

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPv6Addr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPv6Addr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPv6Addr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT66_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1003)=1001::1;SrcPort(1004)=1024;NATSrcIPv6Addr(1005)=2002::1;NATSrcPort(1006)=1024;DstIPv6Addr(1007)=3001::1;DstPort(1008)=21;NATDstIPv6Addr(1009)=3002::1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv6 address is translated into another IPv6 address. This message can only be displayed by executing the display logbuffer command.
Recommended action	No action is required.

LB_PROTECTION_POLICY_CK (fast log output)

Message text	The virtual server [STRING] detected the visits of user (IP = [STRING], [STRING] = [STRING], URL = [STRING]) exceeding the threshold.
Variable fields	$1: Virtual server name. $2: Source IP address. $3: Cookie name. $4: Cookie value. $5: Protected URL.
Severity level	6
Example	H3C LB/6/LB _PROTECTION_POLICY_CK: The virtual server vs detected the visits of user (IP = 10.10.10.10, JSESSIONID = A43E0142B4, URL = www.abc.com) exceeding the threshold.
Explanation	This message is generated when the number of times a user accesses a URL exceeds the specified threshold.
Recommended action	No action is required.

LB_PROTECTION_POLICY_IP (fast log output)

Message text	The virtual server [STRING] detected the visits of user (IP = [STRING], URL = [STRING]) exceeding the threshold.
Variable fields	$1: Virtual server name. $2: Source IP address. $3: Protected URL.
Severity level	6
Example	H3C LB/6/LB _PROTECTION_POLICY_IP: The virtual server vs detected the visits of user (IP = 10.10.10.10, URL = www.abc.com) exceeding the threshold.
Explanation	This message is generated when the number of times a user accesses a URL exceeds the specified threshold.
Recommended action	No action is required.

LB_RECOVERY_LINK_CONNNUM

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of link [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Number of connections on the link.
Severity level	5
Example	LB/5/LB_RECOVERY_LINK_CONNNUM: Chassis:0,Slot:1,CPU:1.The number of connections of link LINK was 100, which had reached the upper limit.
Explanation	The number of connections on a link dropped below the upper limit.
Recommended action	No action is required.

LB_RECOVERY_LINK_CONNRATE

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of link [STRING] was [UINT] per second, which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Connection establishment rate on the link.
Severity level	5
Example	LB/5/LB_RECOVERY_LINK_CONNRATE: Chassis:0,Slot:1,CPU:1.The connection rate of link LINK was 100 per second, which had recovered to normal state.
Explanation	The connection establishment rate on a link dropped below the upper limit.
Recommended action	No action is required.

LB_RECOVERY_LINKQUOTE_CONNNUM

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of link group member ([STRING]-[STRING]) was [USHORT], which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link group name. $5: Link name. $6: Number of connections.
Severity level	5
Example	LB/5/LB_RECOVERY_LINKQUOTE_CONNNUM: Chassis:1,Slot:1,CPU:2.The number of connections of link group member (LG-LINK) was 10, which had returned to a normal level.
Explanation	The number of connections on a link member fell to a normal level.
Recommended action	Check the network environment and link member state.

LB_RECOVERY_LINKQUOTE_CONNRATE

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID]. The connection rate of link group member ([STRING]- [STRING]) was [USHORT] per second, which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link group name. $5: Link name. $6: Connection rate.
Severity level	5
Example	LB/5/LB_RECOVERY_LINKQUOTE_CONNRATE_RECOVERY: Chassis: 0,Slot:1,CPU:1. The connection rate of link group member (LG- LINK) was 80 per second, which had returned to a normal level.
Explanation	The connection rate on a link member fell to a normal level.
Recommended action	Check the network environment and link member state.

LB_RECOVERY_RS_CONNRATE

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of real server [STRING] was [UINT], which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Connection establishment rate on the real server.
Severity level	5
Example	LB/5/LB_RECOVERY_RS_CONNRATE: Chassis:0,Slot:1,CPU:1.The connection rate of real server RS was 100, which had returned to a normal level.
Explanation	The connection establishment rate on a real server dropped below the upper limit.
Recommended action	No action is required.

LB_RECOVERY_RSQUOTE_CONNNUM

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID]. The number of connections of server farm member ([STRING]-[STRING]-[USHORT]) was [USHORT], which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Server farm name. $5: Real server name. $6: Port number. $7: Number of connections.
Severity level	5
Example	LB/5/LB_RECOVERY_RSQUOTE_CONNNUM: Chassis:2,Slot:1,CPU:1. The number of connections of server farm member (SF-RS-33) was 20, which had returned to a normal level.
Explanation	The number of connections on a server farm member fell to a normal level.
Recommended action	Check the network environment and server farm member state.

LB_RECOVERY_RSQUOTE_CONNRATE

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of server farm member ([STRING]-[STRING]-[USHORT]) was [USHORT] per second, which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Server farm name. $5: Real server name. $6: Port number. $7: Connection rate.
Severity level	5
Example	LB/5/LB_RECOVERY_RSQUOTE_CONNRATE: Chassis: 1,Slot:1,CPU:1.The connection rate of server farm member (SF-RS-80) was 10 per second, which had returned to a normal level.
Explanation	The connection rate on a server farm member fell to a normal level.
Recommended action	Check the network environment and server farm member state.

LB_RECOVERY_VS_CONNNUM

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of virtual server [STRING] was [UINT], which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Number of connections on the virtual server.
Severity level	5
Example	LB/5/LB_RECOVERY_VS_CONNNUM: Chassis:0,Slot:1,CPU:1.The number of connections of virtual server RS was 100, which had returned to a normal level.
Explanation	The number of connections on a virtual server dropped below the upper limit.
Recommended action	No action is required.

LB_RECOVERY_VS_CONNRATE

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of virtual server [STRING] was [UINT] per second, which had returned to a normal level.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Connection establishment rate on the virtual server.
Severity level	5
Example	LB/5/LB_RECOVERY_VS_CONNRATE: Chassis:0,Slot:1,CPU:1.The connection rate of virtual server VS was 100 per second, which had returned to a normal level.
Explanation	The connection establishment rate on a virtual server dropped below the upper limit.
Recommended action	No action is required.

LB_RS_RECOVERFORM_SHUTDOWN

Message text	Chassis: [ChassisID],Slot: [SlotID],CPU: [CPUID]. The shutdown state of real server [STRING] changed to normal.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name.
Severity level	5
Example	LB/5/LB_RS_RECOVERFORM_SHUTDOWN: Chassis: 1,Slot: 1,CPU: 2. The shutdown state of real server rs1 changed to normal.
Explanation	The real server state changed from down to up.
Recommended action	No action is required.

LB_SLB_LICENSE_EXPIRED

Message text	The license for SLB has expired. Server load balancing is not available.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_SLB_LICENSE_EXPIRED: The license for SLB has expired. Server load balancing is not available.
Explanation	The license for SLB had expired. Server load balancing was unavailable.
Recommended action	Install a license for SLB.

LB_SLB_LICENSE_INSTALLED

Message text	The license for SLB has been installed. Server load balancing is available.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_SLB_LICENSE_INSTALLED: The license for SLB has been installed. Server load balancing is available.
Explanation	The license for SLB had been installed. Server load balancing was available.
Recommended action	No action is required.

LB_SLB_LICENSE_UNINSTALLED

Message text	The license for SLB has been uninstalled. Server load balancing is not available.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_SLB_LICENSE_UNINSTALLED: The license for SLB has been uninstalled. Server load balancing is not available.
Explanation	The license for SLB had been uninstalled. Server load balancing was unavailable.
Recommended action	Install a license for SLB.

OUTBOUND_LLB_SCHED (fast log output)

Message text	Form 1: SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];SNDVPNINSTANCE(1043)=[STRING];Protocol(1001)=[UINT16];DomainName(1099)=[STRING];Class(1184)=[STRING];Fwdmode(1185)=[STRING];Schedule(1195)=[STRING];LinkGroup(1186)=[STRING];Predictor(1193)=[STRING];Link(1187)=[STRING];RouterIfName(1188)=[STRING]. Form 2: Failed to schedule: SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];SNDVPNINSTANCE(1043)=[STRING];Protocol(1001)=[UINT16];DomainName(1099)=[STRING];Class(1184)=[STRING];Fwdmode(1185)=[STRING];Schedule(1195)=[STRING];LinkGroup(1186)=[STRING];Predictor(1193)=[STRING];Link(1187)=[STRING];RouterIfName(1188)=[STRING].
Variable fields	$1: Source IP address of the DNS request. $2: Source port number of the DNS request. $3: Destination IP address of the DNS request. $4: Destination port number of the DNS request. $5: VPN instance name. $6: Port number of the transparent DNS proxy. $7: Requested domain name in the DNS request. $8: LB class. If no LB class exists or is matched, the value is none. $9: Forwarding action: ¡ drop. ¡ forward. ¡ loadbalance. ¡ skip. ¡ none—No action is matched. $10: Scheduling mode: ¡ sticky method. ¡ proximity. ¡ predictor. ¡ If no scheduling mode is matched, nothing is displayed. $11: Link group name. $12: Scheduling algorithm of the link group. $13: Link name. $14: Output interface of the link. If the link fails, the value is none.
Severity level	6
Example	Form 1: LB/6/OUTBOUND_LLB_SCHED: SrcIPAddr(1003)=188.100.0.25;SrcPort(1004)=60073;DstIPAddr(1007)=187.44.2.23;DstPort(1008)=53;SNDVPNINSTANCE(1043)=0;Protocol(1001)=6;DomainName(1099)=www.abc.com;Class(1184)=c1;Fwdmode(1185)=loadbalance;Schedule=sticky method;LinkGroup(1186)=lg1;Link(1187)=lk1;RouterIfName(1188)=dialer0. Form 2: LB/6/OUTBOUND_LLB_SCHED: Failed to schedule: SrcIPAddr(1003)=188.100.0.25;SrcPort(1004)=60073;DstIPAddr(1007)=187.44.2.23;DstPort(1008)=53;SNDVPNINSTANCE(1043)=0;Protocol(1001)=6;Class(1184)=c1;Fwdmode(1185)=loadbalance;Schedule=predictor;LinkGroup(1186)=lg1;Predictor(1193)=RR;Link(1187)=lk1;RouterIfName(1188)=none.
Explanation	Form 1: This message is generated when outbound link load balancing is performed successfully. Form 2: This message is generated when outbound link load balancing fails to be performed.
Recommended action	No action is required.

LDP messages

This section contains LDP messages.

LDP_MPLSLSRID_CHG

Message text	Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.
Variable fields	N/A
Severity level	5
Example	LDP/5/LDP_MPLSLSRID_CHG: -MDC=1; Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.
Explanation	If you configure an LDP LSR ID by using the lsr-id command in LDP view or LDP-VPN instance view, LDP uses the LDP LSR ID. Otherwise, LDP uses the MPLS LSR ID configured by the mpls lsr-id command. This message is sent when the following situations occur: · No LDP LSR ID is configured by using the lsr-id command. · The MPLS LSR ID is modified.
Recommended action	1. Execute the display mpls ldp parameter command to display the LSR ID. 2. Verify that the LSR ID is the same as the configured MPLS LSR ID. If they are not the same, reset LDP sessions by executing the reset mpls ldp command.

LDP_SESSION_CHG

Message text	Session ([STRING], [STRING]) is [STRING].
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · interface not operational. · MPLS disabled on interface. · LDP disabled on interface. · LDP auto-configure disabled on interface. · VPN instance changed on interface. · LDP instance deleted. · targeted peer deleted. · L2VPN disabled targeted peer. · TE tunnel disabled targeted peer. · session protection disabled targeted peer. · process deactivated. · failed to receive the initialization message. · graceful restart reconnect timer expired. · failed to recover adjacency by NSR. · failed to upgrade session by NSR. · closed the GR session. · keepalive hold timer expired. · adjacency hold timer expired. · session reset manually. · TCP connection down. · received a fatal notification message. · internal error. · memory in critical state. · transport address changed on interface.
Severity level	5
Example	LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up. LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down (hello hold timer expired).
Explanation	The session state changed.
Recommended action	When the session state is up, no action is required. When the session state is down, check the interface state, link state, and other configurations depending on the reason displayed.

LDP_SESSION_GR

Message text	Session ([STRING], [STRING]): ([STRING]).
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session graceful restart: ¡ Start reconnection. ¡ Reconnection failed. ¡ Start recovery. ¡ Recovery completed.
Severity level	5
Example	LDP/5/LDP_SESSION_GR: Session (22.22.22.2:0, VPN instance: vpn1): Start reconnection.
Explanation	State of the session graceful restart. When a GR-capable LDP session is down, the LDP GR started. This message is generated during the GR of the LDP session, indicating the current GR state.
Recommended action	Check for the reason of session graceful restart, which can be obtained from the LDP_SESSION_CHG log message. When the graceful restart state Reconnection failed is displayed, verify the interface state, link state, and other configurations according to the reason for the session graceful restart. No action is required for other graceful restart states.

LDP_SESSION_SP

Message text	Session ([STRING], [STRING]): ([STRING]).
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session protection: ¡ Hold up the session. ¡ Session recovered successfully. ¡ Session recovery failed.
Severity level	5
Example	LDP/5/LDP_SESSION_SP: Session (22.22.22.2:0, VPN instance: vpn1): Hold up the session.
Explanation	When the last link adjacency of the session was lost, session protection started. This message is generated during the session protection process, indicating the current session protection state.
Recommended action	Verify the interface state and link state.

LIPC messages

This section contains LIPC messages.

LIPC_CHECKDOWN

Message text	The quality of the link is poor. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER].
Variable fields	$1: Name of the process that established the link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node in the quadruple. $4: Port number of the local node in the quadruple. $5: LIP address of the remote node in the quadruple. $6: Port number of the remote node in the quadruple.
Severity level	4
Example	LIPC/4/LIPC_CHECKDOWN: The quality of the link is not good. Owner=1, VRF=0, [LAddr/LPort--RAddr/RPort]=[0/20415--8/10515].
Explanation	Processes will establish a link during internal communication. LIPC STCP automatically checks the link quality at intervals and attempts to recover a poor link. If the recovery fails, the system will terminate the link. This message is generated when LIPC STCP terminates a poor LIPC link.
Recommended action	No action is required.

LIPC_MTCP_CHECK

Message text	Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], Group=[INTEGER], MID=[INTEGER].
Variable fields	$1: Name of the process. $2: Name of the VRF to which the LIPC link belongs to. $3: Multicast group ID of the LIPC link. $4: Multicast group member ID of the LIPC link.
Severity level	4
Example	LIPC/4/LIPC_MTCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, Group=134, MID=10001.
Explanation	Processes will establish an LIPC link during internal communication. LIPC MTCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally.
Recommended action	No action is required.

LIPC_STCP_CHECK

Message text	Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER].
Variable fields	$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node. $4: Port number of the local node. $5: LIP address of the remote node. $6: Port number of the remote node.
Severity level	4
Example	LIPC/4/LIPC_STCP_CHECK: Data stays in the receive buffer for an over long time. Owner=fsd, VRF=0, local address/port=8/10515, remote address/port=0/20415.
Explanation	Processes will establish an LIPC link during internal communication. LIPC STCP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally.
Recommended action	No action is required.

LIPC_SUDP_CHECK

Message text	Data stays in the receive buffer for an over long time. Owner=[STRING], VRF=[INTEGER], local address/port=[INTEGER]/[INTEGER], remote address/port=[INTEGER]/[INTEGER].
Variable fields	$1: Name of the process that established the LIPC link. $2: Name of the VRF to which the LIPC link belongs. $3: LIP address of the local node. $4: Port number of the local node. $5: LIP address of the remote node. $6: Port number of the remote node.
Severity level	4
Example	LIPC/4/LIPC_SUDP_CHECK: Data stays in the receive buffer for an over long time. Owner=snmpd, VRF=0, local address/port=0/10525, remote address/port=32768/0.
Explanation	Processes will establish an LIPC link during internal communication. LIPC SUDP assigns a receive buffer to the process and checks at intervals whether data in the buffer is retrieved by the process. If the process has not retrieved data from the receive buffer for a long time and a large amount of data accumulates in the buffer, the process might run abnormally.
Recommended action	No action is required.

PORT_CHANGE

Message text	STCP: Node where the listening port number [INTGER] (MDC: [INTGER] VRF: [INTGER]) resides changed from LIP [INTGER] to LIP [INTGER].
Variable fields	$1: LIPC global port number. $2: Name of the MDC where the LIPC global port resides. $3: Name of the VRF to which the LIPC global port belongs. $4: Name of the old LIPC node where the LIPC global port resides. $5: Name of the new LIPC node where the LIPC global port resides.
Severity level	5
Example	LIPC/5/PORT_CHANGE: STCP: Node where the listening port number 620 (MDC: 1 VRF: 1) resides changed from LIP 1 to LIP 3.
Explanation	STCP assigns an LIPC global port number as a listening port number to each service module as requested. Typically, a service module listens to the port number only on the LIPC node where the port has been requested. This message is generated if the service module listens to the port number on a different LIPC node. STCP will move the port number from the old LIPC node to the new node.
Recommended action	No action is required.

LLDP messages

This section contains LLDP messages.

LLDP_CREATE_NEIGHBOR

Message text	[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received an LLDP message from a new neighbor.
Recommended action	No action is required.

LLDP_DELETE_NEIGHBOR

Message text	[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received a deletion message when a neighbor was deleted.
Recommended action	No action is required.

LLDP_LESS_THAN_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	6
Example	LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port Ten-GigabitEthernet10/0/15 (IfIndex 599) is less than 5, and new neighbors can be added.
Explanation	New neighbors can be added for the port because the limit has not been reached.
Recommended action	No action is required.

LLDP_NEIGHBOR_AGE_OUT

Message text	[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	5
Example	LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port Ten-GigabitEthernet10/0/15 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time.
Recommended action	Verify the link status or the receive/transmit status of LLDP on the peer.

LLDP_NEIGHBOR_AP_RESET

Message text	The neighboring AP of the [STRING] agent on port [STRING] (IfIndex [UINT32]) was restarted due to aging.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex.
Severity level	5
Example	LLDP/5/LLDP_NEIGHBOR_AP_RESET: The neighboring AP of the nearest bridge agent on port GigabitEthernet1/0/1 (IfIndex 599) was restarted due to aging.
Explanation	A neighboring AP aged out and was restarted.
Recommended action	No action is required.

LLDP_PVID_INCONSISTENT

Message text	PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]).
Variable fields	$1: Port name. $2: VLAN ID. $3: System name. $4: Port name. $5: VLAN ID.
Severity level	5
Example	LLDP/5/LLDP_PVID_INCONSISTENT: MDC=1; PVID mismatch discovered on Ten-GigabitEthernet0/2/6 (PVID 1), with Ten-GigabitEthernet0/2/7 (PVID 500).
Explanation	This message is generated when the PVID on the peer is different from the PVID of the local interface.
Recommended action	Configure the same PVID for the local and peer interfaces.

LLDP_REACH_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	5
Example	LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet10/0/15 (IfIndex 599) has reached 5, and no more neighbors can be added.
Explanation	This message is generated when the port with its maximum number of neighbors reached received an LLDP packet.
Recommended action	No action is required.

LOAD messages

This section contains load management messages.

BOARD_LOADING

Message text	Board in chassis [INT32] slot [INT32] is loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	4
Example	LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images.
Explanation	The card is loading software images during the boot process.
Recommended action	No action is required.

LOAD_FAILED

Message text	Board in chassis [INT32] slot [INT32] failed to load software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	3
Example	LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images.
Explanation	The card failed to load software images during the boot process.
Recommended action	1. Execute the display boot-loader command to identify the startup software images. 2. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images. 3. If the problem persists, contract H3C Support.

LOAD_FINISHED

Message text	Board in chassis [INT32] slot [INT32] has finished loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	5
Example	LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images.
Explanation	The card has finished loading software images.
Recommended action	No action is required.

LOGIN messages

This section contains login messages.

LOGIN_ACCOUNTING_FAILED

Message text	Accounting failed for user [STRING] on [STRING] line.
Variable fields	$1: Username. $2: Line type.
Severity level	5
Example	LOGIN/5/LOGIN_ACCOUNTING_FAILED: Accounting failed for user a1 on VTY line.
Explanation	Accounting failed for a user.
Recommended action	Verify that the accounting configuration for the user is correct.

LOGIN_AUTHORIZATION_FAILED

Message text	Authorization failed for user [STRING] on [STRING] line.
Variable fields	$1: Username. $2: Line type.
Severity level	5
Example	LOGIN/5/LOGIN_AUTHORIZATION_FAILED: Authorization failed for user a1 on VTY line.
Explanation	Authorization failed for a user.
Recommended action	Verify that the authorization configuration for the user is correct.

LOGIN_FAILED

Message text	[STRING] failed to login from [STRING].
Variable fields	$1: Username. $2: Line name or IP address.
Severity level	5
Example	LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22.
Explanation	A login attempt failed.
Recommended action	No action is required.

LOGIN_ INVALID_USERNAME_PWD

Message text	Invalid username or password from [STRING].
Variable fields	$1: User line name and user IP address.
Severity level	5
Example	LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22.
Explanation	A user entered an invalid username or password.
Recommended action	No action is required.

LOGIN_PASSWORD_CHECK_FAILED

Message text	The password of user [STRING] failed password control check on [STRING] line.
Variable fields	$1: Username. $2: Line type.
Severity level	5
Example	LOGIN/5/LOGIN_PASSWORD_CHECK_FAILED: The password of user a1 failed password control check on VTY line.
Explanation	A password failed password control check.
Recommended action	1. Verify that the password control-related .dat files are available. 2. Verify that the password meets the requirements of the password control feature.

LOGIN_RECORD_OBTAIN_FAILED

Message text	Failed to obtain login history records of user [STRING] on [STRING] line.
Variable fields	$1: Username. $2: Line type.
Severity level	5
Example	LOGIN/5/LOGIN_RECORD_OBTAIN_FAILED: Failed to obtain login history records of user a1 on VTY line.
Explanation	The system failed to obtain the login history records of a user.
Recommended action	Contact H3C Support.

LPDT messages

This section contains loop detection messages.

LPDT_LOOPED

Message text	Loopback exists on [STRING].
Variable fields	$1: Port name.
Severity level	4
Example	LPDT/4/LPDT_LOOPED: Loopback exists on Ethernet 6/4/2.
Explanation	The first intra-VLAN loop was detected on a port.
Recommended action	Check the links and configuration on the device for the loop, and remove the loop.

LPDT_RECOVERED

Message text	Loopback on [STRING] recovered.
Variable fields	$1: Port name.
Severity level	5
Example	LPDT/5/LPDT_RECOVERED: Loopback on Ethernet 6/4/1 recovered.
Explanation	All intra-VLAN loops on a port were removed.
Recommended action	No action is required.

LPDT_VLAN_LOOPED

Message text	Loopback exists on [STRING] in VLAN [UINT16].
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	4
Example	LPDT/4/LPDT_VLAN_LOOPED: Loopback exists on Ethernet6/4/1 in VLAN 1.
Explanation	A loop in a VLAN was detected on a port.
Recommended action	Check the links and configurations in the VLAN for the loop, and remove the loop.

LPDT_VLAN_RECOVERED

Message text	Loopback on [STRING] in VLAN [UINT16] recovered.
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	5
Example	LPDT/5/LPDT_RECOVERED: Loopback on Ethernet6/4/1 in VLAN 1 recovered.
Explanation	A loop in a VLAN was removed on a port.
Recommended action	No action is required.

LS messages

This section contains Local Server messages.

LOCALSVR_PROMPTED_CHANGE_PWD

Message text	Please change the password of [STRING] [STRING], because [STRING].
Variable fields	$1: Password type: ¡ device management user. ¡ user line. ¡ user line class. $2: Username, user line number, or user line class number. $3: Reason for password change: ¡ the current password is a weak-password. ¡ the current password is the default password. ¡ it is the first login of the current user or the password had been reset. ¡ the password had expired.
Severity level	6
Example	LOCALSVR/6/LOCALSVR_PROMPTED_CHANGE_PWD: Please change the password of device management user hhh, because the current password is a weak password.
Explanation	The device generated a log message to prompt a user to change the password of the user, user line, or user line class. The device will generate such a log message every 24 hours after the user logs in to the device if the password does not meet the password control requirements.
Recommended action	Change the user password as required: · If scheme authentication is used, change the local password of the user. · If password authentication is used, change the authentication password of the user line or user line class for the user.

LS_ADD_USER_TO_GROUP

Message text	Admin [STRING] added user [STRING] to group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1.
Explanation	The administrator added a user into a user group.
Recommended action	No action is required.

LS_AUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed authentication. [STRING]
Variable fields	$1: Username. $2: IP address. $3: Failure reason: ¡ User not found. ¡ Password verified failed. ¡ User not active. ¡ Access type mismatch. ¡ Binding attribute is failed. ¡ User in blacklist.
Severity level	5
Example	LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."
Explanation	The local server rejected a user's authentication request.
Recommended action	No action is required.

LS_AUTHEN_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	The local server accepted a user's authentication request.
Recommended action	No action is required.

LS_DEL_USER_FROM_GROUP

Message text	Admin [STRING] delete user [STRING] from group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1.
Explanation	The administrator deleted a user from a user group.
Recommended action	No action is required.

LS_DELETE_PASSWORD_FAIL

Message text	Failed to delete the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_DELETE_PASSWORD_FAIL: Failed to delete the password for user abcd.
Explanation	Failed to delete the password for a user.
Recommended action	Check the file system for errors.

LS_PWD_ADDBLACKLIST

Message text	User [STRING] was added to the blacklist due to multiple login failures, [STRING].
Variable fields	$1: Username. $2: Options include: ¡ but could make other attempts. ¡ and is permanently blocked. ¡ and was temporarily blocked for [UINT32] minutes.
Severity level	4
Example	LS/4/LS_PWD_ADDBLACKLIST: User user1 was added to the blacklist due to multiple login failures, but could make other attempts.
Explanation	A user was added to the blacklist because of multiple login failures.
Recommended action	Check the user's password.

LS_PWD_CHGPWD_FOR_AGEDOUT

Message text	User [STRING] changed the password because it was expired.
Variable fields	$1: User name.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired.
Explanation	A user changed the password because the password expired.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_AGEOUT

Message text	User [STRING] changed the password because it was about to expire.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire.
Explanation	A user changed the password because the password is about to expire.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_COMPOSITION

Message text	User [STRING] changed the password because it had an invalid composition.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition.
Explanation	A user changed the password because it had an invalid composition.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_FIRSTLOGIN

Message text	User [STRING] changed the password at the first login.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login.
Explanation	A user changed the password at the first login.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_LENGTH

Message text	User [STRING] changed the password because it was too short.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short.
Explanation	A user changed the password because it was too short.
Recommended action	No action is required.

LS_PWD_FAILED2WRITEPASS2FILE

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	4
Example	LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file.
Explanation	Failed to write the password records to file.
Recommended action	No action is required.

LS_PWD_MODIFY_FAIL

Message text	Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING].
Variable fields	$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: ¡ old password is incorrect—The old password is incorrect. ¡ password is too short—The new password is too short. ¡ password has not minimum different chars—The new password does not have enough number of different characters (a minimum of four different characters). ¡ invalid password composition—The types and length of characters in the new password do not meet the password composition requirements. ¡ password has repeated chars—The new password has three or more consecutive repeating characters. ¡ password contains username—The new password includes the username. ¡ new password must be different from any previous password by a minimum of four chars—The new password must be different from the passwords stored in the history records by a minimum of four characters. ¡ new password must be different from old password by a minimum of four chars—The new password must be different from the old password by a minimum of four characters. ¡ password used already—The new password is the same as the old password or a history password. ¡ password is in update-wait time—The password has been modified within a minimum password update interval. ¡ entered passwords did not match—The confirm password is inconsistent with the new password. ¡ unknown error—Unknown error.
Severity level	4
Example	LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because passwords do not match.
Explanation	An administrator failed to modify a user's password.
Recommended action	No action is required.

LS_PWD_MODIFY_SUCCESS

Message text	Admin [STRING] from [STRING] modify the password for user [STRING] successfully.
Variable fields	$1: Admin name. $2: IP address. $3: Username.
Severity level	6
Example	LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully.
Explanation	An administrator successfully changed a user's password.
Recommended action	No action is required.

LS_REAUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed reauthentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication.
Explanation	A user failed reauthentication because the old password entered for reauthentication is invalid.
Recommended action	Check the old password.

LS_UPDATE_PASSWORD_FAIL

Message text	Failed to update the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc.
Explanation	Failed to update the password for a user.
Recommended action	Check the file system for errors.

LS_USER_CANCEL

Message text	User [STRING] from [STRING] cancelled inputting the password.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password.
Explanation	The user cancelled inputting the password or did not input the password in 90 seconds.
Recommended action	No action is required.

LS_USER_PASSWORD_EXPIRE

Message text	User [STRING]'s login idle timer timed out.
Variable fields	$1: Username.
Severity level	5
Example	LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out.
Explanation	The login idle time for a user expired.
Recommended action	No action is required.

LS_USER_ROLE_CHANGE

Message text	Admin [STRING] [STRING] the user role [STRING] for [STRING].
Variable fields	$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username.
Severity level	4
Example	LS/4/LS_USER_ROLE_CHANGE: Admin admin add the user role network-admin for abcd.
Explanation	The administrator added a user role for a user.
Recommended action	No action is required.

LSPV messages

This section contains LSP verification messages.

LSPV_PING_STATIS_INFO

Message text	Ping statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packets loss, round-trip min/avg/max = [UINT32]/[UINT32]/[UINT32] ms.
Variable fields	$1: FEC. $2: Number of echo requests sent. $3: Number of echo replies received. $4: Percentage of the non-replied packets to the total requests. $5: Minimum round-trip delay. $6: Average round-trip delay. $7: Maximum round-trip delay.
Severity level	6
Example	LSPV/6/LSPV_PING_STATIS_INFO: Ping statistics for FEC 192.168.1.1/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/2/5 ms.
Explanation	Ping statistics for an LSP tunnel or a PW. This message is generated when the ping mpls command is executed.
Recommended action	If no reply is received, verify the connectivity of the LSP tunnel or the PW.

MAC messages

This section contains MAC messages.

MAC_NOTIFICATION

Message text	Message format 1: MAC address [STRING] in VLAN [UNIT32] has moved from port [STRING] to port [STRING] for [UNIT32] times. Message format 2: MAC address [STRING] in VSI [STRING] has moved from [STRING] service-instance [UNIT32] to [STRING] service-instance [UNIT32] for [UNIT32] times.
Variable fields	Message format 1: $1: MAC address. $2: VLAN ID. $3: Interface name. $4: Interface name. $5: Number of MAC address moves. Message format 2: $1: MAC address. $2: VSI name. $3: Interface name. $4: Ethernet service instance ID. $5: Interface name. $6: Ethernet service instance ID. $7: Number of MAC address moves.
Severity level	4
Example	Message format 1: MAC/4/MAC_NOTIFICATION: MAC address 0000-0012-0034 in VLAN 500 has moved from port GE1/0/1 to port GE1/0/2 for 1 times Message format 2: MAC/4/MAC_NOTIFICATION: MAC address 0010-9400-0002 in VSI vpna has moved from Twenty-FiveGigE1/0/1 service-instance 40 to Twenty-FiveGigE1/0/3 service-instance 30 for 152499 times.
Explanation	A MAC address moved between two interfaces or Ethernet service instances.
Recommended action	No action is required.

MAC_TABLE_FULL_GLOBAL

Message text	The number of MAC address entries exceeded the maximum number [UINT32].
Variable fields	$1: Maximum number of MAC addresses.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries exceeded the maximum number 1024.
Explanation	The number of entries in the global MAC address table exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_PORT

Message text	The number of MAC address entries exceeded the maximum number [UINT32] for interface [STRING].
Variable fields	$1: Maximum number of MAC addresses. $2: Interface name.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries exceeded the maximum number 1024 for interface GigabitEthernet2/0/32.
Explanation	The number of entries in the MAC address table for an interface exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_VLAN

Message text	The number of MAC address entries exceeded the maximum number [UINT32] in VLAN [UINT32].
Variable fields	$1: Maximum number of MAC addresses. $2: VLAN ID.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries exceeded the maximum number 1024 in VLAN 2.
Explanation	The number of entries in the MAC address table for a VLAN exceeded the maximum number supported by the table.
Recommended action	No action is required.

MACA messages

This section contains MAC authentication messages.

MACA_ENABLE_NOT_EFFECTIVE

Message text	The MAC authentication feature is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	MACA/3/MACA_ENABLE_NOT_EFFECTIVE: The MAC authentication feature is enabled but is not effective on interface Ethernet3/1/2.
Explanation	MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication.
Recommended action	3. Disable MAC authentication on the interface. 4. Reconnect the connected devices to another interface that supports MAC authentication. 5. Enable MAC authentication on the new interface.

MACA_LOGIN_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANId=[STRING]-UserName=[STRING]-UserNameFormat=[STRING]; The user failed the MAC address authentication. Reason: [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format: ¡ Fixed—Shared user account. ¡ MAC address—MAC-based user account. $6: Failure cause: ¡ Authorization Mac-Address process failed. ¡ Authorization VLAN process failed. ¡ Authorization ACL process failed. ¡ Authorization UserProfile process failed. ¡ Authentication process failed.
Severity level	6
Example	MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANId=1-UserName=0000-0000-0001-UserNameFormat=MAC address; The user failed the MAC address authentication. Reason: Authorization VLAN process failed.
Explanation	The user failed MAC authentication.
Recommended action	Resolve the issue depending on the failure cause.

MACA_LOGIN_FAILURE (EAD)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. Reason: [STRING]. Can't trigger MAC authentication for the user before the EAD user entry ages out.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. $6: Failure cause: · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Authentication process failed.
Severity level	6
Example	MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; User failed MAC authentication. Reason: VLAN authorization failed. Can't trigger MAC authentication for the user before the EAD user entry ages out.
Explanation	The user failed MAC authentication. Packets from the user cannot trigger MAC authentication again before the user's EAD entry ages out.
Recommended action	· Locate the failure cause and resolve the issue. · Disable the EAD assistant feature or delete the 802.1X settings on the interface, if any.

MACA_LOGIN_SUCC

Message text	-IfName=[STRING]-MACAddr=[STRING]-AccessVLANId=[STRING]-AuthorizationVLANID=[STRING]-UserName=[STRING]-UserNameFormat=[STRING]; The user passed MAC address authentication and got online successfully.
Variable fields	$1: Interface type and number. $2: MAC address. $3: ID of the VLAN through which the user accesses the device. $4: Authorization VLAN ID. $5: Username. $6: User account format: ¡ Fixed—Shared user account. ¡ MAC address—MAC-based user account.
Severity level	6
Example	MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANId=444-AuthorizationVLANID=444-UserName=00-10-84-00-22-b9-UserNameFormat=MAC address; The user passed MAC address authentication and got online successfully.
Explanation	The user passed MAC authentication.
Recommended action	No action is required.

MACA_LOGOFF

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANId=[STRING]-UserName=[STRING]-UserNameFormat=[STRING]; Session of the MAC-AUTH user was terminated.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format: ¡ Fixed—Shared user account. ¡ MAC address—MAC-based user account.
Severity level	6
Example	MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANId=444-UserName=00-10-84-00-22-b9-UserNameFormat=MAC address; Session of the MAC-AUTH user was terminated.
Explanation	The MAC authentication user was logged off.
Recommended action	Resolve the issue depending on the logoff cause. If the logoff was requested by the user, no action is required.

MACSEC messages

This section contains MACsec messages.

MACSEC_MKA_KEEPALIVE_TIMEOUT

Message text	The live peer with SCI [STRING] and CKN [STRING] aged out on interface [STRING].
Variable fields	$1: SCI. $2: CKN. $3: Interface name.
Severity level	4
Example	MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/1.
Explanation	A live peer aged out on an interface, because the local participant had not received any MKA packets from the peer before the keepalive timer expired. The local participant removed the peer information from the port.
Recommended action	Check the link between the local participant and the live peer for link failure. If the link is down, recover the link.

MACSEC_MKA_PRINCIPAL_ACTOR

Message text	The actor with CKN [STRING] became principal actor on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_PRINCIPAL_ACTOR: The actor with CKN 80A0EA0CB03D became principal actor on interface GigabitEthernet1/0/1.
Explanation	The actor with the highest key server priority became the principal actor.
Recommended action	No action is required.

MACSEC_MKA_SAK_REFRESH

Message text	The SAK has been refreshed on interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1.
Explanation	The participant on the interface derived or received a new SAK.
Recommended action	No action is required.

MACSEC_MKA_SESSION_REAUTH

Message text	The MKA session with CKN [STRING] was re-authenticated on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_REAUTH: The MKA session with CKN 80A0EA0CB03D was re-authenticated on interface GigabitEthernet1/0/1.
Explanation	The interface performed 802.1X reauthentication. After the 802.1X reauthentication, the participants received a new CAK, and used it to re-establish the MKA session.
Recommended action	No action is required.

MACSEC_MKA_SESSION_SECURED

Message text	The MKA session with CKN [STRING] was secured on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1.
Explanation	The MKA session on the interface was secured. Packets are encrypted and transmitted in cipher text. The event occurs in the following situations: · The MKA session state changes from unsecured to secured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ Both the key server and the peer support MACsec. ¡ A minimum of one participant is enabled with the MACsec desire feature.
Recommended action	No action is required.

MACSEC_MKA_SESSION_START

Message text	The MKA session with CKN [STRING] started on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1.
Explanation	The MKA session negotiation was initiated. Possible reasons include: · New CAK is available after MKA is enabled. · The user re-establishes the MKA session. · The interface that failed MKA session negotiation receives an MKA packet.
Recommended action	No action is required.

MACSEC_MKA_SESSION_STOP

Message text	The MKA session with CKN [STRING] stopped on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	5
Example	MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A020EA0CB03D stopped on interface GigabitEthernet1/0/1.
Explanation	The MKA session was terminated. Possible reasons include: · The user removes or re-establishes the MKA session on the interface. · The link associated to the session is down.
Recommended action	1. Use the display mka session command to check whether the session exists: ¡ If the session has been re-established, ignore the message. ¡ If the session does not exist and is not removed by the user, check the link associated with the session for link failure. 2. Recover the link if the link is down.

MACSEC_MKA_SESSION_UNSECURED

Message text	The MKA session with CKN [STRING] was not secured on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	5
Example	MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1.
Explanation	The MKA session on the interface was not secured. Packets are transmitted in plain text. The event occurs in the following situations: · The MKA session state changes from secured to unsecured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ The key server and the peer are not both MACsec capable. ¡ No participant is enabled with the MACsec desire feature.
Recommended action	To secure the MKA session, perform the following tasks: · Verify that both the key server and the peer support MACsec. · Verify that a minimum of one participant is enabled with the MACsec desire feature.

MBFD messages

This section contains MPLS BFD messages.

MBFD_TRACEROUTE_FAILURE

Message text	[STRING] is failed. ([STRING].)
Variable fields	$1: LSP information. $2: Reason for the LSP failure.
Severity level	5
Example	MBFD/5/MBFD_TRACEROUTE_FAILURE: LSP (LDP IPv4: 22.22.2.2/32, nexthop: 20.20.20.2) is failed. (Replying router has no mapping for the FEC.) MBFD/5/MBFD_TRACEROUTE_FAILURE: TE tunnel (RSVP IPv4: Tunnel1) is failed. (No label entry.)
Explanation	LSP/MPLS TE tunnel failure was detected by periodic MPLS tracert. This message is generated when the system receives an MPLS echo reply with an error return code.
Recommended action	Verify the configuration for the LSP or MPLS TE tunnel.

MBUF messages

This section contains MBUF messages.

DBL_FREE

Message text	MBUF address: [HEX] repeated release! Seq: [UINT32], CPU ID: [UINT32], [STRING]: [STRING] Seq: [UINT32], CPU ID: [UINT32], [STRING]: [STRING] Seq: [UINT32], CPU ID: [UINT32], [STRING]: [STRING] Seq: [UINT32], CPU ID: [UINT32], [STRING]: [STRING] Seq: [UINT32], CPU ID: [UINT32], [STRING]: [STRING]
Variable fields	$1: Mbuf address $2: Stack sequence number $3: ID of the CPU where the stack resides $4: Mbuf allocation or deallocation tracing (Alloc trace or Free trace) $5: Stack information $6: Stack sequence number $7: ID of the CPU where the stack resides $8: Mbuf allocation or deallocation tracing (Alloc trace or Free trace) $9: Stack information $10: Stack sequence number $11: ID of the CPU where the stack resides $12: Mbuf allocation or deallocation tracing (Alloc trace or Free trace) $13: Stack information $14: Stack sequence number $15: ID of the CPU where the stack resides $16: Mbuf allocation or deallocation tracing (Alloc trace or Free trace) $17: Stack information $18: Stack sequence number $19: ID of the CPU where the stack resides $20: Mbuf allocation or deallocation tracing (Alloc trace or Free trace) $21: Stack information
Severity level	2
Example	MBUF/2/DBL_FREE: MBUF address: 0x854f9380 repeated release! Seq: 411, CPU ID: 1, Alloc trace: bdae759c bd2becbc bd2ba850 bd2bb718 bd368d04 bd3695e4 bd369bf8 bd358dc8 bd3295b0 bd29e0f4 Seq: 412, CPU ID: 1, Free trace: bdae759c bd2becbc bd2bc020 bd369298 bd3695e4 bd369bf8 bd358dc8 bd3295b0 bd29e0f4 bd2a1e8c Seq: 413, CPU ID: 1, Free trace: bdae759c bd2becbc bd2bc020 bd3692ac bd3695e4 bd369bf8 bd358dc8 bd3295b0 bd29e0f4 bd2a1e8c Seq: 409, CPU ID: 1, Alloc trace: bdae759c bd2becbc bd2ba850 bd2bc26c bd2d3320 bd105fc4 bd007b44 bd006c88 bd102264 400646b8 Seq: 410, CPU ID: 1, Free trace: bdae759c bd2becbc bd2baefc bd2d3344 bd105fc4 bd007b44 bd006c88 bd102264 400646b8 400651b8
Explanation	An mbuf has been repeatedly released. This message records information about the five stacks that most recently used the mbuf.
Recommended action	Locate the process that repeatedly released the mbuf based on the stack information in the log message.

MBUF_DATA_BLOCK_CREATE_FAIL

Message text	Failed to create an MBUF data block because of insufficient memory. Failure count: [UINT32].
Variable fields	$1: Failure count.
Severity level	2
Example	MBUF/2/MBUF_DATA_BLOCK_CREATE_FAIL: Failed to create an MBUF data block because of insufficient memory. Failure count: 128.
Explanation	The message is output when the system fails to create an MBUF data block 1 minute or more after the most recent creation failure.
Recommended action	1. Execute the display system internal kernel memory pool \| include mbuf command in probe view to view the number of the allocated MBUF data blocks. 2. Execute the display memory command in system view to display the total size of the system memory. 3. Determine whether an excessive number of MBFU data blocks are allocated by comparing the size of the allocated MBUF data blocks with that of the system memory. ¡ If it is not an excessive number, use the memory management commands to check for the memory-intensive modules. ¡ If it is an excessive number, go to step 4. 4. Execute the display system internal mbuf socket statistics command in probe view to view the number of the MBUF data blocks buffered in the socket. Determine whether a process has too many MBUF data blocks buffered in the socket buffer. ¡ If it is too many, locate the reason why the MBUF data blocks cannot be released from the socket buffer. ¡ If it is not too many, use other means to locate the reasons for excessive allocation of MBUF data blocks. 5. If the problem persists, contact H3C Support.

STEPMEM

Message text	MBUF address [HEX] MBUF block address [HEX] STEP ON MEMORY! Stack :[STRING]
Variable fields	$1: Mbuf address $2: Mbuf block address $3: Stack information
Severity level	2
Example	MBUF/2/STEPMEM: MBUF address 780bd380 MBUF block address 780bd388 STEP ON MEMORY! Stack :bdae759c bd2be938 bd2b7ce4 bd2bbf8c bac531ec bcfe4270 bd141b94 bdaecd50 bd2a0ca4 bd2a157c bd2a1c54 bd369048 bd3695e4 bd369bf8 bd358dc8 bd3295b0
Explanation	An mbuf was overwrittern.
Recommended action	Locate the process that overwrote the memory based on the stack information in the log message. Further locating is required when one of the following conditions exists: · The mbuf was used by another process after being placed back in the MBUF queue. · The stack recorded in the log was not the one that caused the memory overwriting.

MDC messages

This section contains MDC messages.

MDC_CREATE_ERR

Message text	Failed to create MDC [UINT16] for insufficient resources.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_CREATE_ERR: -Slot=1; Failed to create MDC 2 for insufficient resources.
Explanation	The standby MPU did not have enough resources to create the MDC. At startup, the standby MPU obtains MDC configuration information from the active MPU. If the standby MPU does not have enough resources to create an MDC, it outputs this log message.
Recommended action	1. Use the display mdc resource command to display the CPU, memory, and disk space resources on the standby MPU. 2. Perform one of the following tasks: ¡ If the memory space is insufficient, increase the memory space. If the disk space is insufficient, delete unused files. ¡ Use the undo mdc command to delete the specified MDC. ¡ Replace the standby MPU with an MPU that has sufficient resources.

MDC_CREATE

Message text	MDC [UINT16] was created.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_CREATE: MDC 2 was created.
Explanation	An MDC was created successfully.
Recommended action	No action is required.

MDC_DELETE

Message text	MDC [UINT16] was deleted.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_DELETE: MDC 2 was deleted.
Explanation	An MDC was deleted successfully.
Recommended action	No action is required.

MDC_KERNEL_EVENT_TOOLONG

Message text	[STRING] [UINT16] kernel event in sequence [STRING] function [STRING] failed to finish within [UINT32] minutes.
Variable fields	$1: MDC ID. $2: Kernel event phase. $3: Address of the function corresponding to the kernel event. $4: Time duration.
Severity level	4
Example	MDC/4/MDC_KERNEL_EVENT_TOOLONG: Slot=1; MDC 2 kernel event in sequence 0x4fe5 function 0xff245e failed to finish within 15 minutes.
Explanation	A kernel event stayed unfinished for a long period of time.
Recommended action	1. Reboot the card in the specified slot. 2. If the problem persists, contact HP Support.

MDC_LICENSE_EXPIRE

Message text	The MDC feature's license will expire in [UINT32] days.
Variable fields	$1: Number of days, in the range of 1 to 30.
Severity level	5
Example	MDC/5/MDC_LICENSE_EXPIRE: The MDC feature’s license will expire in 5 days.
Explanation	The license for the MDC feature was about to expire.
Recommended action	Install a new license.

MDC_NO_FORMAL_LICENSE

Message text	The feature MDC has no formal license.
Variable fields	N/A
Severity level	5
Example	MDC/5/MDC_NO_FORMAL_LICENSE: The feature MDC has no formal license.
Explanation	The standby MPU became the active MPU but it did not have a formal license. The MDC feature has a free trial period. To use the feature after the period elapses, you must install a license for the standby MPU.
Recommended action	Install a formal license.

MDC_NO_LICENSE_EXIT

Message text	The MDC feature is being disabled, because it has no license.
Variable fields	N/A
Severity level	5
Example	MDC/5/MDC_NO_LICENSE_EXIT: The MDC feature is being disabled, because it has no license.
Explanation	The MDC feature was disabled because the license for the MDC feature expired or was uninstalled.
Recommended action	Install the required license.

MDC_OFFLINE

Message text	MDC [UINT16] is offline now.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_OFFLINE: MDC 2 is offline now.
Explanation	An MDC was stopped.
Recommended action	No action is required.

MDC_ONLINE

Message text	MDC [UINT16] is online now.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_ONLINE: MDC 2 is online now.
Explanation	An MDC was started.
Recommended action	No action is required.

MDC_STATE_CHANGE

Message text	MDC [UINT16] status changed to [STRING].
Variable fields	$1: MDC ID. $2: MDC status: ¡ updating–The system is assigning interface cards to the MDC (executing the location command). ¡ stopping–The system is stopping the MDC (executing the undo mdc start command). ¡ inactive–The MDC is inactive. ¡ starting–The system is starting the MDC (executing the mdc start command). ¡ active–The MDC is operating correctly.
Severity level	5
Example	MDC/5/MDC_STATE_CHANGE: MDC 2 status changed to active.
Explanation	The status of an MDC changed.
Recommended action	No action is required.

MFIB messages

This section contains MFIB messages.

MFIB_MEM_ALERT

Message text	MFIB process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alert event.
Severity level	5
Example	MFIB/5/MFIB_MEM_ALERT: MFIB process receive system memory alert start event.
Explanation	The MFIB module received a memory alert event from the system.
Recommended action	1. Check the system memory to make sure the memory usage does not exceed the thresholds. 2. Release memory for the modules that occupy too many memory resources.

MGROUP messages

This section contains mirroring group messages.

MGROUP_APPLY_SAMPLER_FAIL

Message text	Failed to apply the sampler for mirroring group [UINT16], because the sampler resources are insufficient.
Variable fields	$1: Mirroring group ID.
Severity level	3
Example	MGROUP/3/MGROUP_APPLY_SAMPLER_FAIL: Failed to apply the sampler for mirroring group 1, because the sampler resources are insufficient.
Explanation	A sampler was not applied to the mirroring group because the sampler resources were insufficient.
Recommended action	No action is required.

MGROUP_RESTORE_CPUCFG_FAIL

Message text	Failed to restore configuration for mirroring CPU of [STRING] in mirroring group [UINT16], because [STRING]
Variable fields	$1: Slot number. $2: Mirroring group ID. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_CPUCFG_FAIL: Failed to restore configuration for mirroring CPU of chassis 1 slot 2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.
Explanation	When the CPU of the card in the slot is the source CPU in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the source CPU configuration might fail.
Recommended action	Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source CPU in the mirroring group.

MGROUP_RESTORE_IFCFG_FAIL

Message text	Failed to restore configuration for interface [STRING] in mirroring group [UINT16], because [STRING]
Variable fields	$1: Interface name. $2: Mirroring group ID. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_IFCFG_FAIL: Failed to restore configuration for interface Ethernet3/1/2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.
Explanation	When the interface of the card in the slot is the monitor port in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the monitor port configuration might fail.
Recommended action	Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the monitor port in the mirroring group.

MGROUP_SYNC_CFG_FAIL

Message text	Failed to restore configuration for mirroring group [UINT16] in [STRING], because [STRING]
Variable fields	$1: Mirroring group ID. $2: Slot number. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_SYNC_CFG_FAIL: Failed to restore configuration for mirroring group 1 in chassis 1 slot 2, because monitor resources are insufficient.
Explanation	When the complete mirroring group configuration was synchronized on the card in the slot, restoring configuration failed because resources on the card were insufficient.
Recommended action	Delete the mirroring group.

MPLS messages

This section contains MPLS messages.

MPLS_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for MPLS.
Variable fields	N/A
Severity level	4
Example	MPLS/4/MPLS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for MPLS.
Explanation	Hardware resources for MPLS were insufficient.
Recommended action	Check whether unnecessary LSPs had been generated. If yes, configure or modify the LSP generation policy, label advertisement policy, and label acceptance policy to filter out unnecessary LSPs.

MPLS_HARD_RESOURCE_RESTORE

Message text	Hardware resources for MPLS are restored.
Variable fields	N/A
Severity level	6
Example	MPLS/6/MPLS_HARD_RESOURCE_RESTORE: Hardware resources for MPLS are restored.
Explanation	Hardware resources for MPLS were restored.
Recommended action	No action is required.

MTLK messages

This section contains Monitor Link messages.

MTLK_UPLINK_STATUS_CHANGE

Message text	The uplink of monitor link group [UINT32] is [STRING].
Variable fields	$1: Monitor link group ID. $2: Monitor Link group status, up or down.
Severity level	6
Example	MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up.
Explanation	The uplink of a monitor link group went up or down.
Recommended action	Troubleshoot the uplink when it fails.

NAT messages

This section contains NAT messages.

NAT_ADDR_BIND_CONFLICT

Message text	Invalid configuration on interface [STRING]: [STRING]. Reason: Global IP addresses already bound to another service card.
Variable fields	$1: Interface name. $2: NAT address group name.
Severity level	4
Example	NAT/4/NAT_ADDR_BIND_CONFLICT: Invalid configuration on interface Ethernet0/0/2: nat outbound address-group 1. Reason: Global IP addresses already bound to another service card.
Explanation	The NAT configuration did not take effect, because the global IP addresses that the interface references have been bound to another service card.
Recommended action	If multiple interfaces reference the same global IP addresses, you must specify the same service card to process NAT traffic passing through these interfaces. To resolve the problem: 1. Use the display nat all command to check the current configuration. 2. Remove the service card configuration on the interface. 3. Specify the same service card for interfaces referencing the same global IP addresses.

NAT_ADDRGRP_MEMBER_CONFLICT

Message text	The address range in address group [UINT16] overlaps with the address range in address group [UINT16].
Variable fields	$1: NAT address group ID. $2: NAT address group ID.
Severity level	4
Example	NAT/4/NAT_ADDRGRP_MEMBER_CONFLICT: The address range in address group 1 overlaps with the address range in address group 2.
Explanation	This message is sent if addresses in NAT address groups overlap.
Recommended action	Modify IP addresses in conflicting NAT address groups.

NAT_ADDRGRP_RESOURCE_EXHAUST

Message text	The address resources of [STRING] address group [INTEGER] are not enough.
Variable fields	$1: Address translation mode: · NO-PAT · EIM $2: Address group ID.
Severity level	4
Example	NAT/4/NAT_ADDRGRP_RESOURCE_EXHAUST: The address resources of NO-PAT address group 1 are not enough.
Explanation	The address resources for the NO-PAT or EIM mode are not enough.
Recommended action	Please add address resources.

NAT_FAILED_ADD_FLOW_RULE

Message text	Failed to add flow-table due to: [STRING].
Variable fields	$1: Reason for the failure.
Severity level	4
Example	NAT/4/NAT_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to: Not enough resources are available to complete the operation.
Explanation	The system failed to deploy flow entries. Possible reasons include insufficient hardware resources or memory.
Recommended action	Contact H3C Support.

NAT_FAILED_ADD_FLOW_TABLE

Message text	Failed to add flow-table due to [STRING].
Variable fields	$1: Failure reason: · no enough resource. · The item already exists.
Severity level	4
Example	NAT/4/NAT_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource.
Explanation	The system failed to add a flow table due to insufficient hardware resources or NAT address overlapping.
Recommended action	If the failure is caused by insufficient hardware resources, contact H3C Support. If the failure is caused by address overlapping, reconfigure the NAT addresses. Make sure the NAT address ranges do not overlap.

NAT_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NatSrcIPAddr(1005)=[IPADDR];NatSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NatDstIPAddr(1009)=[IPADDR];NatDstPort(1010)=[UINT16];UserName(1113)=[STRING];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application layer protocol name. $3: Application service type. $4: Source IP address. $5: Source port number. $6: Source IP address after translation. $7: Source port number after translation. $8: Destination IP address. $9: Destination port number. $10: Destination IP address after translation. $11: Destination port number after translation. $12: Name of identity users. $13: Total number of incoming packets. $14: Total number of incoming bytes. $15: Total number of outgoing packets. $16: Total number of outgoing bytes. $17: Source VPN instance name. $18: Destination VPN instance name. $19: Source DS-Lite tunnel. $20: Destination DS-Lite tunnel. $21: Time when the session is created. $22: Time when the session is removed. $23: Event type. Available values are 1, 2, 3, 6, 8, and 254. $24: Event description: ¡ Session created: A NAT session was created. The value for the event type field is 8. ¡ Active data flow timeout: The duration of a NAT session exceeded the active data flow time. The value for the event type field is 6. ¡ Normal over: A NAT session ended and was deleted. The value for the event type field is 1. ¡ Aged for timeout: A NAT session was deleted because it aged out. The value for the event type field is 2. ¡ Aged for reset or config-change: A NAT session was deleted by configuration. The value for the event type field is 3. ¡ Other: A NAT session was deleted because of other reasons. For example, it was deleted by another module. The value for the event type field is 254.
Severity level	6
Example	NAT/6/NAT_FLOW: Protocol(1001)=TCP;Application(1002)=http;Category(1174)=Protocol;SrcIPAddr(1003)=46.2.1.77;SrcPort(1004)=63419;NatSrcIPAddr(1005)=146.2.1.190;NatSrcPort(1006)=50805;DstIPAddr(1007)=64.2.1.26;DstPort(1008)=80;NatDstIPAddr(1009)=64.2.1.26;NatDstPort(1010)=80;InitPktCount(1044)=1;InitByteCount(1046)=56;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=09072021103948;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · A NAT session is created or removed. · Regularly during a NAT session. · The traffic threshold or aging time of a NAT session is reached.
Recommended action	No action is required.

NAT_INTERFACE_RESOURCE_EXHAUST

Message text	The address resources of Easy-IP-EIM interface [STRING] are not enough.
Variable fields	$1: Interface name.
Severity level	4
Example	NAT/4/NAT_INTERFACE_RESOURCE_EXHAUST: The address resources of EASY-IP-EIM interface Route-Aggregation1 are not enough.
Explanation	The address resources for the Easy-IP-EIM mode on the interface are not enough.
Recommended action	Please add address resources.

NAT_NOPAT_IP_USAGE_ALARM

Message text	Address group [UINT16], total IP addresses [UINT16], used IP addresses [UINT16], usage rate over [UINT16]%.
Variable fields	$1: NAT address group ID. $2: Number of total IP addresses in the NAT address group. $3: Number of used IP addresses in the NAT address group. $4: IP usage of the NAT address group.
Severity level	6
Example	NAT/6/NAT_NOPAT_IP_USAGE_ALARM: -Context=1; Address group 1, total IP addresses 10, used IP addresses 9, usage rate over 90%.
Explanation	This message is sent when the IP usage of the NAT address group in NO-PAT mode exceeded the threshold.
Recommended action	No action is required.

NAT_NOPAT_OBJGRP_IP_USAGE_ALARM

Message text	The usage (used IP addresses [UINT16] divided by total IP addresses [UINT16]) of IP addresses in object group [STRING] reached [UINT16]%.
Variable fields	$1: Number of used IP addresses in the object group. $2: Number of total IP addresses in the object group. $3: Name of the object group. $4: IP usage of the object group.
Severity level	6
Example	NAT/6/NAT_NOPAT_OBJGRP_IP_USAGE_ALARM: -Context=1; The usage (used IP addresses 9 divided by total IP addresses 10) of IP addresses in object group obj1 reached 90%.
Explanation	This message is sent when the IP usage of the referenced object group in NO-PAT mode exceeded the threshold.
Recommended action	No action is required.

NAT_OBJGRP_RESOURCE_EXHAUST

Message text	The address resources of object group [STRING] for [STRING] are insufficient.
Variable fields	$1: Name of the object group. $2: Address translation mode: · NO-PAT · EIM
Severity level	4
Example	NAT/4/NAT_OBJGRP_RESOURCE_EXHAUST: The address resources of object group ob1 for NO-PAT are insufficient.
Explanation	The address resources in the referenced object group for the NO-PAT or EIM mode are insufficient.
Recommended action	Please add address resources to the object group.

NAT_PORTBLOCKGRP_ADDRESS_WARNING

Message text	Insufficient memory due to large [STRING] address range in port block group [UINT16]. Please reconfigure the [STRING] address range.
Variable fields	$1: Address type: · local—Private IP address. · global—Public IP address $2: Number of the static port block group. $3: Address type: · local—Private IP address. · global—Public IP address.
Severity level	4
Example	NAT/4/NAT_PORTBLOCKGRP_ADDRESS_WARNING: Insufficient memory due to large local address range in port block group 0. Please reconfigure the local address range.
Explanation	The device does not have enough memory for the static port block group because the private or public address range in this port block group is too large.
Recommended action	Modify the private or public address range in the port block group.

NAT_SERVER_INVALID

Message text	The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface.
Variable fields	N/A
Severity level	4
Example	NAT/4/NAT_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface.
Explanation	The NAT Server with Easy IP did not take effect because its global settings conflict with that the global settings of another NAT Server on the same interface.
Recommended action	Modify the NAT Server configuration on the interface. The combination of protocol type, global IP addresses and global ports must be unique for each NAT Server on the same interface.

NAT_SERVICE_CARD_RECOVER_FAILURE

Message text	Pattern 1: Failed to recover the configuration of binding the service card on slot [UINT16] to interface [STRING], because [STRING]. Pattern 2: Failed to recover the configuration of binding the service card on chassis [UINT16] slot [UINT16] to interface [STRING], because [STRING].
Variable fields	Pattern 1: $1: Slot number. $2: Interface name. $3: Reasons why restoring the binding between the service card and the interface fails. Pattern 2: $1: Chassis number. $2: Slot number. $3: Interface name. $4: Reasons why restoring the binding between the service card and the interface fails.
Severity level	4
Example	NAT/4/NAT_SERVICE_CARD_RECOVER_FAILURE: Failed to recover the configuration of binding the service card on slot 3 to interface GigabitEthernet0/0/2, because NAT service is not supported on this service card.
Explanation	Restoring the binding between the service card and the interface failed.
Recommended action	· If the operation fails because the NAT addresses have already been bound to another service card: ¡ Use the display nat all command to check the current configuration. ¡ Specify the same service card for interfaces referencing the same NAT addresses. · Check the service card for hardware problems if the failure is caused by one of the following reasons: ¡ NAT service is not supported on this service card. ¡ The hardware resources are not enough. ¡ Unknown error.

NAT444_PORTBLOCK_USAGE_ALARM

Message text	Address group [UINT16], total port blocks [UINT16], active port blocks [UINT16], usage rate over [UINT16]%.
Variable fields	$1: Address group ID. $2: Number of port blocks in the address group. $3: Number of assigned port blocks in the address group. $4: Port block usage.
Severity level	6
Example	NAT/6/NAT444_PORTBLOCK_USAGE_ALARM: -Context=1; Address group 1003, total port blocks 10, active port blocks 9, usage rate over 90%.
Explanation	This message is sent when the port block usage assigned by dynamic NAT444 exceeds the specified threshold.
Recommended action	Please add port block resources.

ND messages

This section contains ND messages.

ND_CONFLICT

Message text	[STRING] is inconsistent.
Variable fields	$1: Configuration type: ¡ M_FLAG. ¡ O_FLAG. ¡ CUR_HOP_LIMIT. ¡ REACHABLE TIME. ¡ NS INTERVAL. ¡ MTU. ¡ PREFIX VALID TIME. ¡ PREFIX PREFERRED TIME.
Severity level	6
Example	ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent
Explanation	The configuration information in the received router advertisement was not consistent with the configuration on the device. A message is sent if an inconsistency is detected.
Recommended action	Verify that the configurations on the device and the neighboring router are consistent.

ND_DUPADDR

Message text	Duplicate address: [STRING] on the interface [STRING].
Variable fields	$1: IPv6 address that is to be assigned to the interface. $2: Name of the interface.
Severity level	6
Example	ND/6/ND_DUPADDR: Duplicate address: 33::8 on interface Vlan-interface9.
Explanation	The IPv6 address that was to be assigned to the interface is being used by another device.
Recommended action	Assign another IPv6 address to the interface.

ND_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface [STRING].
Variable fields	$1: IPv6 global unicast address of the host. $2: Name of the interface. $3: Name of the interface.
Severity level	4
Example	ND/4/ND_HOST_IP_CONFLICT: The host 2::2 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface GigabitEthernet1/0/1.
Explanation	The IPv6 global unicast address of the host is being used by another host that connects to the same interface.
Recommended action	Disconnect the host and assign another IPv6 global unicast address to the host.

ND_MAC_CHECK

Message text	Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING].
Variable fields	$1: Receiving interface of the ND packet. $2: Source MAC address in the Ethernet frame header of the ND packet. $3: Source link-layer address in the ND packet.
Severity level	6
Example	ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002.
Explanation	The device dropped an ND packet because source MAC consistency check detected that source MAC address and the source link-layer address are not the same in the packet.
Recommended action	Verify the validity of the ND packet originator.

ND_SET_PORT_TRUST_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_SET_VLAN_REDIRECT_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_MAXNUM_IF

Message text	The number of dynamic neighbor entries on interface [STRING] has reached the maximum.
Variable fields	$1: Interface name.
Severity level	6
Example	The number of dynamic neighbor entries on interface GigabitEthernet3/0/1 has reached the maximum.
Explanation	The number of dynamic neighbor entries on the interface has reached the upper limit.
Recommended action	No action is required.

ND_MAXNUM_DEV

Message text	The number of dynamic neighbor entries for the device has reached the maximum.
Variable fields	N/A
Severity level	6
Example	The number of dynamic neighbor entries for the device has reached the maximum.
Explanation	The number of dynamic neighbor entries on the device has reached the upper limit.
Recommended action	No action is required.

NETCONF messages

This section contains NETCONF messages.

CLI

Message text	User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING]
Variable fields	$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only if the failure is caused by a known reason.
Severity level	6
Example	XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded.
Explanation	After a CLI command is executed by using NETCONF, the device outputs this message to show the operation result.
Recommended action	No action is required.

EDIT-CONFIG

Message text	User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Succeeded. Or User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed. [STRING] Or User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed, XPath=[STRING], error message=[STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative line number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. $4: Message ID of the NETCONF request. $5: Error message or XPath expression for an incorrect row. ¡ This field displays an error message if the verbose keyword is not specified in the netconf log command and the failure is caused by a known reason. ¡ This field displays an XPath expression if the verbose keyword is specified in the netconf log command. $6: Error message. This field is displayed only if the verbose keyword is specified in the netconf log command.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.100.20, session ID 1) performed an edit-config operation: message ID=101, operation result=Succeeded.
Explanation	The device outputs this log message for each NETCONF setting in an <edit-config> operation to show the configuration result.
Recommended action	No action is required.

NETCONF_MSG_DEL

Message text	A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.
Variable fields	N/A
Severity level	7
Example	NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.
Explanation	The system dropped a NETCONF request message that was received from a NETCONF over SSH client or at the XML view. The reason is that the message size exceeded the upper limit.
Recommended action	1. Reduce the size of the request message. For example, delete blank spaces, carriage returns, and tab characters. 2. Contact H3C Support to segment the request message and then re-encapsulate the segments before sending them to the device.

ROW-OPERATION

Message text	User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative line number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. If there is no session ID, this field is not displayed. $4: Message ID of the NETCONF request. If there is no message ID, this field is not displayed. $5: NETCONF row operation name. $6: Module name and table name. $7: Index information enclosed in a pair of parentheses. If there is not an index, this field is not displayed. If there are multiple indexes, the indexes are separated by commas. $8: Result of the NETCONF row operation, Succeeded or Failed. $9: Attribute column information. If there is no attribute column, this field is not displayed.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.100.20, session ID 1), message ID=1, operation=create Ifmgr/Interfaces (IfIndex="GigabitEthernet1/0/1"), result=Succeeded. Attributes: Description="This is Desc1", AdminDown=1, Speed=1.
Explanation	The device outputs this log message for each NETCONF row operation. Only action and set operations support this log message.
Recommended action	No action is required.

REPLY

Message text	Sent a NETCONF reply to the client: Session ID=[UINT16], Content=[STRING]. Or Sent a NETCONF reply to the client: Session ID=[UINT16], Content (partial)=[STRING].
Variable fields	$1: ID of the NETCONF session. This field displays a hyphen (-) before the NETCONF session is established. $2: NETCONF packet that the device sent to the NETCONF client.
Severity level	7
Example	XMLSOAP/7/REPLY: -MDC=1; Sent a NETCONF reply to the client: Session ID=2, Content=</env:Body></env:Envelope>.
Explanation	When sending a NETCONF packet to a client, the device outputs this log message for NETCONF debugging purposes. If a NETCONF packet cannot be sent in one log message, the device uses multiple log messages and adds the partial flag in each log message.
Recommended action	No action is required.

THREAD

Message text	Maximum number of NETCONF threads already reached.
Variable fields	N/A
Severity level	3
Example	XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached.
Explanation	The number of NETCONF threads already reached the upper limit.
Recommended action	Please try again later.

NETSHARE messages

This section contains NetShare control messages.

NETSHARE_IPV4_LOG

Message text	SrcIPAddr(1003)=[IPADDR];UserName(1113)=[STRING];RcvVPNInstance(1042)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING];FreezeTime(1126)=[UINT16].
Variable fields	$1: Source IP address. $2: Username. $3: Source VPN instance name. $4: Number of terminals sharing the IP address. $5: NetShare control policy name. $6: Action on the shared IP address: Freeze. $7: Time the IP address will be frozen, in minutes.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV4_LOG:SrcIPAddr(1003)=65.1.1.100;UserName(1113)=test;RcvVPNInstance(1042)=vpn1;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Freeze;FreezeTime(1126)=120min.
Explanation	The number of terminals sharing the IPv4 address exceeded the limit set in the NetShare control policy. This message is sent when the IPv4 address is frozen according to the action set in the policy or is manually frozen.
Recommended action	No action is required.

NETSHARE_IPV4_LOG

Message text	SrcIPAddr(1003)=[IPADDR];UserName(1113)=[STRING];RcvVPNInstance(1042)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source IP address. $2: Username. $3: Source VPN instance name. $4: Number of terminals sharing the IP address. $5: NetShare control policy name. $6: Action on the shared IP address. The value can be: ¡ Permit. ¡ Unfreeze.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV4_LOG:SrcIPAddr(1003)=65.1.1.100;UserName(1113)=test;RcvVPNInstance(1042)=vpn1;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Permit.
Explanation	The number of terminals sharing the IPv4 address exceeded the limit set in the NetShare control policy. This message is sent when the packet is permitted to pass through according to the action in the policy or is manually unfrozen.
Recommended action	No action is required.

NETSHARE_IPV6_LOG

Message text	SrcIPv6Addr(1036)=[IPADDR];UserName(1113)=[STRING];RcvVPNInstance(1042)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING];FreezeTime(1126)=[UINT16].
Variable fields	$1: Source IP address. $2: Username. $3: Source VPN instance name. $4: Number of terminals sharing the IP address. $5: NetShare control policy name. $6: Action on the shared IP address: Freeze. $7: Time the IP address will be frozen, in minutes.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV6_LOG:SrcIPv6Addr(1036)=3001::2;UserName(1113)=test;RcvVPNInstance(1042)=vpn1;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Freeze;FreezeTime(1126)=120min.
Explanation	The number of terminals sharing the IPv6 address exceeded the limit set in the NetShare control policy. This message is sent when the IPv6 address is frozen according to the action set in the policy or is manually frozen.
Recommended action	No action is required.

NETSHARE_IPV6_LOG

Message text	SrcIPv6Addr(1036)=[IPADDR];UserName(1113)=[STRING];RcvVPNInstance(1042)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source IP address. $2: Username. $3: Source VPN instance name. $4: Number of terminals sharing the IP address. $5: NetShare control policy name. $6: Action to take on the shared IP address. The value can be: ¡ Permit. ¡ Unfreeze.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV6_LOG:SrcIPv6Addr(1036)=3001::2;UserName(1113)=test;RcvVPNInstance(1042)=vpn1;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Permit.
Explanation	The number of terminals sharing the IPv6 address exceeded the limit set in the NetShare control policy. This message is sent when the packet is permitted to pass through according to the action set in the policy or is manually unfrozen.
Recommended action	No action is required.

NETSHARE_IPV4_BLS_LOG

Message text	SrcIPAddr(1003)=[IPADDR];UserName(1113)=[STRING];RcvVPNInstance(1042)=[STRING];PolicyName(1079)=[STRING].
Variable fields	$1: Source IP address. $2: Username. $3: Source VPN instance name. $4: NetShare control policy name.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV4_BLS_LOG:SrcIPAddr(1003)=65.1.1.100;UserName(1113)=test;RcvVPNInstance(1042)=vpn1;PolicyName(1079)=test.
Explanation	This message is sent when a packet is detected from a frozen IPv4 address.
Recommended action	No action is required.

NETSHARE_IPV6_BLS_LOG

Message text	SrcIPv6Addr(1036)=[IPADDR];UserName(1113)=[STRING];RcvVPNInstance(1042)=[STRING];PolicyName(1079)=[STRING].
Variable fields	$1: Source IP address. $2: Username. $3: Source VPN instance name. $4: NetShare control policy name.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV6_BLS_LOG:SrcIPv6Addr(1036)=3001::2;UserName(1113)=test;RcvVPNInstance(1042)=vpn1;PolicyName(1079)=test.
Explanation	This message is sent when a packet is detected from a frozen IPv6 address.
Recommended action	No action is required.

NQA messages

This section contains NQA messages.

NQA_ENTRY_PROBE_RESULT

Message text	Reaction entry [STRING] of NQA entry admin-name [STRING] operation-tag [STRING]: [STRING].
Variable fields	$1: ID of the NQA reaction entry. The value range is 1 to 10. $2: Admin name of the NQA entry. $3: Operation tag of the NQA entry. $4: Test result. The value can be: ¡ Probe-pass: Succeeded. ¡ Probe-fail: Failed.
Severity level	6
Example	NQA/6/NQA_ENTRY_PROBE_RESULT Reaction entry 1 of NQA entry admin-name 1 operation-tag 1: Probe-pass.
Explanation	A change in the monitoring result of an NQA reaction entry was detected.
Recommended action	If the test result is Probe-fail, check the network environment.

NQA_LOG_UNREACHABLE

Message text	Server [STRING] unreachable.
Variable fields	$1: IP address of the NQA server.
Severity level	6
Example	NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable.
Explanation	An unreachable server was detected.
Recommended action	Check the network environment.

NQA_SCHEDULE_FAILURE

Message text	NQA entry ([ STRING ]- [ STRING ]): Failed to start the scheduled NQA operation because port [ STRING] used by the operation is not available.
Variable fields	$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Port number.
Severity level	6
Example	NQA/6/NQA_SCHEDULE_FAILURE: NQA entry (admin-tag): Failed to start the scheduled NQA operation because port 10000 used by the operation is not available.
Explanation	Failed to start a scheduled NQA operation because the port number used by the operation is not available.
Recommended action	Change the port number of the NQA operation or disable the service that uses the port number.

NQA_SET_DRIVE_FAIL

Message text	NQA entry admin-name [STRING] operation-tag [STRING]: [STRING].
Variable fields	$1: Admin name of the NQA entry. $2: Operation tag of the NQA entry. $3: Reason for the failure to issue the NQA operation to driver: ¡ Operation failed due to configuration conflicts. ¡ Operation failed because the driver was not ready to perform the operation. ¡ Operation not supported. ¡ Not enough resources to complete the operation. ¡ Operation failed due to an unkonwn error.
Severity level	6
Example	NQA/6/ NQA_SET_DRIVE_FAIL NQA entry admin-name 1 operation-tag 1: Not enough resources to complete the operation.
Explanation	Failed to issue the NQA operation to driver.
Recommended action	Follow the instructions to check the configuration.

NQA_SEVER_FAILURE

Message text	Failed to enable the NQA server because listening port [ STRING ] is not available.
Variable fields	$1: Port number.
Severity level	6
Example	NQA/6/NQA_SEVER_FAILURE: Failed to enable the NQA server because listening port 10000 is not available.
Explanation	Failed to enable the NQA server because the port number specified for a listening service is not available.
Recommended action	Change the port number of the listening service or disable the service that uses the port number.

NQA_START_FAILURE

Message text	NQA entry ([STRING]-[STRING]): [STRING]
Variable fields	$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Failure reason: · Operation failed due to configuration conflicts. · Operation failed because the driver was not ready to perform the operation. · Operation not supported. · Not enough resources to complete the operation. · Operation failed due to an unknown error.
Severity level	6
Example	NQA/6/NQA_START_FAILURE: NQA entry 1-1: Operation failed due to configuration conflicts.
Explanation	The message is sent when the system fails to issue an NQA operation to the drive because of the configuration conflicts.
Recommended action	1. Examine the parameters for the incorrect settings, modify the settings, and restart the Y.1564 operation. 2. If the problem persists, contact H3C Support.

NQA_TWAMP_LIGHT_PACKET_INVALID

Message text	NQA TWAMP Light test session [UINT32] index [UINT32]: The number of packets captured for statistics collection is invalid.
Variable fields	$1: Test session ID. $2: Serial number of the statistics data.
Severity level	6
Example	NQA/6/ NQA_TWAMP_LIGHT_PACKET_INVALID: NQA TWAMP Light test session 1 index 7: The number of packets captured for statistics collection is invalid.
Explanation	The number of probe packets was invalid in the TWAMP Light test because the test collection interval was shorter than the packet sending interval.
Recommended action	Verify that the test collection interval is no less than the packet sending interval.

NQA_TWAMP_LIGHT_REACTION

Message text	NQA TWAMP Light test session [UINT32] reaction entry [UINT32]: Detected continual violation of the [STRING] [STRING] threshold for a threshold violation monitor time of [UINT32] ms.
Variable fields	$1: Test session ID. $2: Reaction entry ID. $3: Reaction entry type: · Two-way delay. · Two-way loss. · Two-way jitter. $4: Threshold violation value: · upper—Be equal to or greater than the upper threshold limit. · lower—Be equal to or less than the lower threshold limit. $5: Statistics collection interval.
Severity level	6
Example	NQA/6/NQA_TWAMP_LIGHT_REACTION: NQA TWAMP Light test session 1 reaction entry 1: Detected continual violation of the two-way loss upper threshold for a threshold violation monitor time of 2000 ms.
Explanation	In a TWAMP test, the device monitors the test result, and starts the monitoring time when either of the following conditions is met: · The monitoring result goes beyond the upper threshold limit. · The monitoring result drops below the lower threshold limit from a monitoring result higher than the lower limit. If either condition is always true during the monitoring time, a threshold violation occurs.
Recommended action	No action is required.

NQA_TWAMP_LIGHT_START_FAILURE

Message text	NQA TWAMP Light test session [UINT32]: Failed to start the test session. Please check the parameters.
Variable fields	$1: Test session ID.
Severity level	6
Example	NQAS/6/NQA_TWAMP_LIGHT_START_FAILURE: NQA TWAMP Light test session 1: Failed to start the test session, Please check the parameters.
Explanation	This message is sent when the TWAMP Light responder failed to start the test session. The message asks you to examine the parameter settings.
Recommended action	1. Execete the display this command to examine the parameter settings of the test-session command. 2. Re-execute the test-session command with the required parameters according to your network requirements.

NTP messages

This section contains NTP messages.

NTP_CLOCK_CHANGE

Message text	System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING].
Variable fields	$1: Time before synchronization. $2: Time after synchronization. $3: IP address.
Severity level	5
Example	NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58 12/28/2012 to 02:29:12 12/28/2012, the NTP server's IP address is 192.168.30.116.
Explanation	The NTP client has synchronized its time to the NTP server.
Recommended action	No action is required.

NTP_LEAP_CHANGE

Message text	System Leap Indicator changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original Leap Indicator. $2: Current Leap Indicator.
Severity level	5
Example	NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update.
Explanation	The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rolloverinterval) in the day of insertion to be increased or decreased by one.
Recommended action	No action is required.

NTP_SOURCE_CHANGE

Message text	NTP server's IP address changed from [STRING] to [STRING].
Variable fields	$1: IP address of the original time source. $2: IP address of the new time source.
Severity level	5
Example	NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2.
Explanation	The system changed the time source.
Recommended action	No action is required.

NTP_SOURCE_LOST

Message text	Lost synchronization with NTP server with IP address [STRING].
Variable fields	$1: IP address.
Severity level	5
Example	NTP/5/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1.
Explanation	The clock source of the NTP association is in unsynchronized state or it is unreachable.
Recommended action	1. Verify the NTP server and network connection. 2. For NTP server failures: ¡ Use the ntp-service unicast-server command to specify a new NTP server. ¡ Use the ntp-service multicast-client command to configure the device to operate in NTP multicast client mode and receive NTP multicast packets from a new NTP server. 3. If the problem persists, contract H3C Support.

NTP_STRATUM_CHANGE

Message text	System stratum changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original stratum. $2: Current stratum.
Severity level	5
Example	NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update.
Explanation	System stratum has changed.
Recommended action	No action is required.

OBJP messages

This section contains object policy messages.

OBJP_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] object-policy [STRING]. The resources are insufficient.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_NO_RES: Failed to accelerate IPv6 object-policy a. The resources are insufficient.
Explanation	Object policy acceleration failed because of insufficient hardware resources.
Recommended action	Delete unnecessary rules or disable acceleration for other object policies to release hardware resources.

OBJP_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] object-policy [STRING]. The operation is not supported.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 object-policy a. The operation is not supported.
Explanation	Object policy acceleration failed because the system did not support acceleration.
Recommended action	No action is required.

OBJP_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] object-policy [STRING].
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 object-policy a.
Explanation	Object policy acceleration failed because of a system failure.
Recommended action	No action is required.

OBJP_RULE_CREATE_SUCCESS

Message text	RuleName(1080)=[STRING];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule type. $3: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_CREATE_SUCCESS: RuleName(1080)=zone1-zone2;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule was created successfully.
Recommended action	No action is required.

OBJP_RULE_CREATE_FAIL

Message text	RuleName(1080)=[STRING];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule type. $3: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_CREATE_FAIL: RuleName(1080)=zone1-zone2;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule failed to be created.
Recommended action	No action is required.

OBJP_RULE_UPDATE_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type. $4: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_UPDATE_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule was modified successfully.
Recommended action	No action is required.

OBJP_RULE_UPDATE_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type. $4: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_UPDATE_FAIL: RuleName(1080)=zone1-zone2;RuleID[1078]=1;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule failed to be modified.
Recommended action	No action is required.

OBJP_RULE_DELETE_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_DELETE_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	An object policy rule was deleted successfully.
Recommended action	No action is required.

OBJP_RULE_DELETE_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_DELETE_FAIL: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	An object policy rule failed to be deleted.
Recommended action	No action is required.

OBJP_RULE_CLRSTAT_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_CLRSTAT_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	Statistics for an object policy rule were cleared successfully.
Recommended action	No action is required.

OBJP_RULE_CLRSTAT_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_CLRSTAT_FAIL: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	Statistics for an object policy rule failed to be cleared.
Recommended action	No action is required.

OBJP_APPLY_POLICY_FAIL

Message text	Failed to apply [STRING] object policy [STRING]. The object policy does not exist.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_APPLY_POLICY_FAIL: Failed to apply IPv4 object policy a. The object policy does not exist.
Explanation	An object policy failed to be applied because the object policy doesn't exist.
Recommended action	No action is required.

OBJP_APPLAY_INFO

Message text	Failed to apply policy [STRING]. Reason: [STRING].
Variable fields	$1: Object policy name. $2: Failure reason.
Severity level	4
Example	OBJP/4/OBJP_APPLAY_INFO: Failed to apply policy P1. Reason: The operation is not supported.
Explanation	An object policy failed to be applied.
Recommended action	No action is required.

OFP messages

This section contains OpenFlow messages.

OFP_ACTIVE

Message text	Activate openflow instance [UINT16].
Variable fields	$1: Instance ID.
Severity level	5
Example	OFP/5/OFP_ACTIVE: Activate openflow instance 1.
Explanation	A command is received from comsh to activate an OpenFlow instance.
Recommended action	No action is required.

OFP_ACTIVE_FAILED

Message text	Failed to activate instance [UINT16].
Variable fields	$1: Instance ID.
Severity level	4
Example	OFP/4/OFP_ACTIVE_FAILED: Failed to activate instance 1.
Explanation	An OpenFlow instance cannot be activated.
Recommended action	No action is required.

OFP_CONNECT

Message text	Openflow instance [UINT16], controller [CHAR] is [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Connection status: connected or disconnected.
Severity level	5
Example	OFP/5/OFP_CONNECT: Openflow instance 1, controller 0 is connected.
Explanation	The connection status with a controller is changed in an OpenFlow instance.
Recommended action	No action is required.

OFP_FAIL_OPEN

Message text	Openflow instance [UINT16] is in fail [STRING] mode.
Variable fields	$1: Instance ID. $2: Connection interruption mode: secure or standalone.
Severity level	5
Example	OFP/5/OFP_FAIL_OPEN: Openflow instance 1 is in fail secure mode.
Explanation	An activated instance cannot connect to any controller or is disconnected from all controllers. The connection interrupt mode is also displayed.
Recommended action	No action is required.

OFP_FAIL_OPEN_FAILED

Message text	OpenFlow instance [UINT16]: [STRING] fail-open mode configuration failed and the secure mode is restored.
Variable fields	$1: Instance ID. $2: Connection interruption mode, which is standalone.
Severity level	4
Example	OFP/4/OFP_FAIL_OPEN_FAILED: OpenFlow instance 1: standalone fail-open mode configuration failed and the secure mode is restored.
Explanation	Because of insufficient resources, the configuration of standalone connection interruption mode (set by using the fail-open mode command) for an OpenFlow instance failed and the default secure mode was restored.
Recommended action	Contact H3C Support.

OFP_FLOW_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie of the flow entry. $6: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD: Openflow instance 1 controller 0: add flow entry 1, xid 0x1, cookie 0x0, table id 0.
Explanation	A flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_ADD_DUP

Message text	Openflow instance [UINT16] controller [CHAR]: add duplicate flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie. $6: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_DUP: Openflow instance 1 controller 0: add duplicate flow entry 1, xid 0x1, cookie 0x1, table id 0.
Explanation	A duplicate flow entry was added.
Recommended action	No action is required.

OFP_FLOW_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry1, table id 0.
Explanation	Failed to add a flow entry.
Recommended action	No action is required.

OFP_FLOW_ADD_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: add table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_TABLE_MISS: Openflow instance 1 controller 0: add table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A table-miss flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_ADD_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add table miss flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to add table miss flow entry, table id 0.
Explanation	Failed to add a table-miss flow entry.
Recommended action	No action is required.

OFP_FLOW_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL: Openflow instance 1 controller 0: delete flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be deleted, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_DEL_L2VPN_DISABLE

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because L2VPN was disabled.
Variable fields	$1: Number of flow entries that were deleted. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_L2VPN_DISABLE: 5 flow entries in table 1 of instance 1 were deleted because L2VPN was disabled.
Explanation	A list of flow entries were deleted because L2VPN was disabled.
Recommended action	No action is required.

OFP_FLOW_DEL_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: delete table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_TABLE_MISS: Openflow instance 1 controller 0: delete table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of table-misses flow entries are to be deleted, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_DEL_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to delete table miss flow entry, table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_DEL_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to delete table miss flow entry, table id 0.
Explanation	Failed to delete a table-miss flow entry.
Recommended action	No action is required.

OFP_FLOW_DEL_VSIIF_DEL

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because the Vsi-interface in VSI [STRING] was deleted.
Variable fields	$1: Number of flow entries that were deleted. $2: Table ID. $3: Instance ID. $4: VSI name.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_VSIIF_DEL: 5 flow entries in table 1 of instance 1 were deleted because the Vsi-interface in VSI VSI-OFP was deleted.
Explanation	A list of flow entries were deleted because a VSI interface was deleted.
Recommended action	No action is required.

OFP_FLOW_DEL_VXLAN_DEL

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because a tunnel (ifindex [UINT32]) in VXLAN [UINT32] was deleted.
Variable fields	$1: Number of flow entries that were deleted. $2: Table ID. $3: Instance ID. $4: Index of a tunnel interface. $5: VXLAN ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_VXLAN_DEL: 5 flow entries in table 1 of instance 1 were deleted because a tunnel (ifindex 1693) in VXLAN 1000 was deleted.
Explanation	A list of flow entries were deleted because a VXLAN tunnel was deleted.
Recommended action	No action is required.

OFP_FLOW_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_MOD: Openflow instance 1 controller 0: modify flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be modified, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_MOD_FAILED: Openflow instance 1 controller 0: failed to modify flow entry, table id 0.
Explanation	Failed to modify a flow entry.
Recommended action	The controller must retry to modify the flow entry. If the flow entry still cannot be modified, the controller will delete it.

OFP_FLOW_MOD_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: modify table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_MOD_TABLE_MISS: Openflow instance 1 controller 0: modify table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be modified, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_MOD_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify table miss flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_MOD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to modify table miss flow entry, table id 0.
Explanation	Failed to modify a table-miss flow entry.
Recommended action	The controller must retry to modify the table-miss flow entry. If the entry still cannot be modified, the controller will delete it.

OFP_FLOW_RMV_GROUP

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a group_mod message.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance 1 was deleted with a group_mod message.
Explanation	A flow entry was deleted due to a group modification message.
Recommended action	No action is required.

OFP_FLOW_RMV_HARDTIME

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of a hard-time expiration.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_HARDTIME: The flow entry 1 in table 0 of instance 1 was deleted because of a hard-time expiration.
Explanation	A flow entry was deleted because of a hard time expiration.
Recommended action	No action is required.

OFP_FLOW_RMV_IDLETIME

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_IDLETIME: The flow entry 1 in table 0 of instance 1 was deleted because of an idle-time expiration.
Explanation	A flow entry was deleted because of an idle time expiration.
Recommended action	No action is required.

OFP_FLOW_RMV_METER

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance1 was deleted with a meter_mod message.
Explanation	A flow entry was deleted due to a meter modification message.
Recommended action	No action is required.

OFP_GROUP_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add group [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_ADD: Openflow instance 1 controller 0: add group 1, xid 0x1.
Explanation	A group entry is to be added to a group table, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add group [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_ADD_FAILED: Openflow Instance 1 controller 0: failed to add group 1.
Explanation	Failed to add a group entry.
Recommended action	No action is required.

OFP_GROUP_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete group [STRING], xid [HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_DEL: Openflow instance 1 controller 0: delete group 1, xid 0x1.
Explanation	A group entry is to be deleted, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify group [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_MOD: Openflow instance 1 controller 0: modify group 1, xid 0x1.
Explanation	A group entry is to be modified, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify group [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_MOD_FAILED: Openflow instance 1 controller 0: failed to modify group 1.
Explanation	Failed to modify a group entry.
Recommended action	The controller must retry to modify the group. If the group still cannot be modified, the controller will delete it.

OFP_METER_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_ADD: Openflow instance 1 controller 0: add meter 1, xid 0x1.
Explanation	A meter entry is to be added to a meter table.
Recommended action	No action is required.

OFP_METER_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add meter [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID.
Severity level	4
Example	OFP/4/OFP_METER_ADD_FAILED: Openflow Instance 1 controller 0: failed to add meter 1.
Explanation	Failed to add a meter entry.
Recommended action	No action is required.

OFP_METER_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_DEL: Openflow instance 1 controller 0: delete meter 1, xid 0x1.
Explanation	A meter entry is to be deleted, according to a meter table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_METER_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_MOD: Openflow Instance 1 controller 0: modify meter 1, xid 0x1.
Explanation	A meter entry is to be modified, according to a meter table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_METER_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify meter [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID.
Severity level	4
Example	OFP/4/OFP_METER_MOD_FAILED: Openflow instance 1 controller 0: failed to modify meter 1.
Explanation	Failed to modify a meter entry.
Recommended action	The controller must retry to modify the meter entry. If the meter entry still cannot be modified, the controller will delete it.

OFP_MISS_RMV_GROUP

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a group_mod message.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_GROUP: The table-miss flow entry in table 0 of instance 1 was deleted with a group_mod message.
Explanation	The table-miss flow entry was deleted due to a group modification message.
Recommended action	No action is required.

OFP_MISS_RMV_HARDTIME

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of a hard-time expiration.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_HARDTIME: The table-miss flow entry in table 0 of instance 1 was deleted because of a hard-time expiration.
Explanation	The table-miss flow entry was deleted because of a hard time expiration.
Recommended action	No action is required.

OFP_MISS_RMV_IDLETIME

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_IDLETIME: The table-miss flow entry in table 0 of instance 1 was deleted because of an idle-time expiration.
Explanation	The table-miss flow entry was deleted because of an idle time expiration.
Recommended action	No action is required.

OFP_MISS_RMV_METER

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_METER: The table-miss flow entry in table 0 of instance 1 was deleted with a meter_mod message.
Explanation	The table-miss flow entry was deleted due to a meter modification message.
Recommended action	No action is required.

OPENSRC (RSYNC) messages

This section contains OPENSRC RSYNC messages.

Synchronization success

Message text	Rsync transfer statistics(sn=[STRING]):Src files([STRING]::[STRING]) sync transfer successfully.
Variable fields	$1: Sequence number of the device. $2: IPv4 address of the server. $3: Files or folders to be synchronized on the server.
Severity level	5
Example	OPENSRC/5/SYSLOG: -MDC=1; Rsync transfer statistics(sn=2013AYU0711103):Src files(1.1.1.13::test/dir1) sync transfer successfully.
Explanation	The file synchronization succeeded.
Recommended action	No action is required.

Synchronization failure

Message text	Rsync error(sn=[STRING]):Src files([STRING]::[STRING]) [NUMBER] files transfer failed.
Variable fields	$1: Sequence number of the device. $2: IPv4 address of the server. $3: Files or folders to be synchronized on the server. $4: Number of files that failed to be synchronized.
Severity level	5
Example	OPENSRC/5/SYSLOG: -MDC=1; Rsync transfer statistics(sn=2013AYU0711103):Src files(1.1.1.13::test/dir1) 2 files transfer failed.
Explanation	The device failed to synchronize files from the server and recorded the number of files that failed to be synchronized.
Recommended action	Take actions according to the failure reasons displayed in the synchronization error log.

Synchronization error

Message text	Rsync error(sn=[STRING]): [STRING].
Variable fields	$1: Sequence number of the device. $2: Failure reasons. Available options include: ¡ error starting client-server protocol—The RSYNC process on the device has malfunctioned and cannot provide synchronization services. ¡ error in socket IO—An error occurred to the socket for synchronization. ¡ error in file IO—An error occurred during file system reading. ¡ some files/attrs were not transferred (see previous errors)—Some files or file attributes failed to be synchronized. ¡ error allocating core memory buffers—An error occurred in memory application. ¡ timeout waiting for daemon connection—The request for connection to the server timed out.
Severity level	5
Example	OPENSRC/5/SYSLOG: -MDC=1; Rsync error(sn=2013AYU0711103): error starting client-server protocol .
Explanation	The device recorded the synchronization failure reasons.
Recommended action	To resolve the problem, you can perform the following tasks: · Verify that the rsync command syntax is correct. · Verify that the server is reachable. · Verify that the local disk is not full. · Verify that the user is authorized to perform the synchronization.

OPTMOD messages

This section contains transceiver module messages.

BIAS_HIGH

Message text	[STRING]: Bias current is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/13: Bias current is high.
Explanation	The bias current of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

BIAS_LOW

Message text	[STRING]: Bias current is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_LOW: GigabitEthernet1/0/13: Bias current is low.
Explanation	The bias current of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

BIAS_NORMAL

Message text	[STRING]: Bias current is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_NORMAL: GigabitEthernet1/0/13: Bias current is normal.
Explanation	The bias current of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

CFG_ERR

Message text	[STRING]: Transceiver type and port configuration mismatched.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/CFG_ERR: GigabitEthernet1/0/13: Transceiver type and port configuration mismatched.
Explanation	The transceiver module type does not match the port configurations.
Recommended action	Check for the transceiver module type and the current port configurations. If they mismatch, replace the transceiver module or update the port configurations.

CHKSUM_ERR

Message text	[STRING]: Transceiver information checksum error.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/CHKSUM_ERR: GigabitEthernet1/0/13: Transceiver information checksum error .
Explanation	Checksum verification on the register information on the transceiver module failed.
Recommended action	Replace the transceiver module, or contact H3C Support.

FIBER_SFPMODULE_INVALID

Message text	[STRING]: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in [UINT32] days. Please replace it with a compatible one as soon as possible.
Variable fields	$1: Interface type and number. $2: Number of days that the transceiver module will be invalid.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_INVALID: GigabitEthernet1/0/13: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in 3 days. Please replace it with a compatible one as soon as possible.
Explanation	The transceiver module is not compatible with the interface card.
Recommended action	Replace the transceiver module.

FIBER_SFPMODULE_NOWINVALID

Message text	[STRING]: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_NOWINVALID: GigabitEthernet1/0/13: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Explanation	The system does not support the transceiver module.
Recommended action	Replace the transceiver module.

IO_ERR

Message text	[STRING]: The transceiver information I/O failed.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/IO_ERR: GigabitEthernet1/0/13: The transceiver information I/O failed.
Explanation	The device failed to access the register information of the transceiver module.
Recommended action	Execute the display transceiver diagnosis interface and display transceiver alarm interface commands. If both commands fail to be executed, the transceiver module is faulty. Replace the transceiver module.

MOD_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_OFF: GigabitEthernet1/0/13: Module_not_ready was removed..
Explanation	A fault was removed from the transceiver module.
Recommended action	No action is required.

MOD_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_ON: GigabitEthernet1/0/13: Module_not_ready wasdetected.
Explanation	A fault was detected on the transceiver module.
Recommended action	1. Execute the display transceive alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

MODULE_IN

Message text	[STRING]: The transceiver is [STRING].
Variable fields	$1: Interface type and number. $2: Type of the transceiver module.
Severity level	4
Example	OPTMOD/4/MODULE_IN: GigabitEthernet1/0/13: The transceiver is 1000_BASE_T_AN_SFP.
Explanation	When a transceiver module is inserted, the OPTMOD module generates the message to display the transceiver module type.
Recommended action	No action is required.

MODULE_OUT

Message text	[STRING]: Transceiver absent.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: Transceiver absent.
Explanation	The transceiver module was removed.
Recommended action	No action is required.

OPTICAL_WARNING_CLEAR

Message text	Transceiver warning alarm cleared. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location. $4: Error code. $5: Reason for the fault.
Severity level	4
Example	OPTMOD/4/OPTICAL_WARNING_CLEAR: Transceiver warning alarm cleared. (PhysicalIndex=8833, PhysicalName=HGE1/3/0/7, RelativeResource=1/3/0, ErrorCode=600060, Reason=Transceiver RXCDR_unlock detected. Lane = 1.)
Explanation	A warning alarm for the specified transceiver module was cleared.
Recommended action	No action is required.

OPTICAL_WARNING_OCCUR

Message text	Transceiver warning alarm occurred. (PhysicalIndex=<[UINT]>, PhysicalName=<[STRING]>, RelativeResource=<[STRING]>, ErrorCode=<[UINT]>, Reason=<[STRING]>)
Variable fields	$1: Entity index. $2: Entity name. $3: Fault location. $4: Error code. $5: Reason for the fault.
Severity level	4
Example	OPTMOD/4/OPTICAL_WARNING_OCCUR: Transceiver warning alarm occurred. (PhysicalIndex=8833, PhysicalName=HGE1/3/0/7, RelativeResource=1/3/0, ErrorCode=600060, Reason=Transceiver RXCDR_unlock detected. Lane = 1.)
Explanation	A warning alarm occurred for the specified transceiver module.
Recommended action	1. Ensure secure connection between the transceiver module and optical fiber. 2. Remove and reinstalled transceiver into the port. 3. Make sure the card is operating correctly. 4. Resolve the issue based on the error code. 5. If the issue persists, contact the technical support.

OPTMOD_COUNTERFEIT_MOUDULE

Message text	The following transceiver you are using is suspected to be a counterfeit/pirated/unauthorized H3C transceiver, which might cause compatibility problems and expose your device to security threats. Please contact H3C for further detection and verification promptly. [STRING]: Transceiver type [STRING], SN [STRING].
Variable fields	$1: Interface type and number. $2: Transceiver type. $3: Transceiver sequence number.
Severity level	3
Example	OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: The following transceiver you are using is suspected to be a counterfeit/pirated/unauthorized H3C transceiver, which might cause compatibility problems and expose your device to security threats. Please contact H3C for further detection and verification promptly. GigabitEthernet1/0/1: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. GigabitEthernet1/0/2: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103.
Explanation	This log is generated when a probably counterfeit/pirated/unauthorized H3C transceiver module is detected. For a counterfeit/pirated/unauthorized H3C transceiver module, you cannot obtain any data from the display transceiver diagnosis command.
Recommended action	Contact Technical Support.

OPTMOD_MODULE_CHECK

Message text	An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity.
Variable fields	N/A
Severity level	6
Example	OPTMOD/6/OPTMOD_MODULE_CHECK: An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity.
Explanation	The log is generated when an H3C transceiver module is detected. It reminds the user to verify the authenticity of the transceiver module from the H3C website (www.h3c.com).
Recommended action	No action is required.

PHONY_MODULE

Message text	[STRING]: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/1: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!
Explanation	This log is generated when a non-H3C transceiver module is detected.
Recommended action	Purchase and use genuine H3C transceiver modules for the device.

RX_ALM_OFF

Message text	STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_OFF: GigabitEthernet1/0/13: RX_not_ready was removed.
Explanation	An RX fault was removed from the transceiver module.
Recommended action	No action is required.

RX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_ON: GigabitEthernet1/0/13: RX_not_ready was detected.
Explanation	An RX fault was detected on the transceiver module.
Recommended action	1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

RX_POW_HIGH

Message text	[STRING]: RX power is high.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_HIGH: GigabitEthernet1/0/13: RX power is high.
Explanation	The RX power of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

RX_POW_LOW

Message text	[STRING]: RX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_LOW: GigabitEthernet1/0/13: RX power is low.
Explanation	The RX power of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

RX_POW_NORMAL

Message text	[STRING]: RX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_NORMAL: GigabitEthernet1/0/13: RX power is normal.
Explanation	The RX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TEMP_HIGH

Message text	[STRING]: Temperature is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/TEMP_HIGH: GigabitEthernet1/0/13: Temperature is high.
Explanation	The temperature of the transceiver module exceeded the high threshold.
Recommended action	1. Verify that the fan trays are operating correctly. ¡ If there are no fan trays, install fan trays. ¡ If the fan trays fail, replace the fan trays. 2. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to lower the temperature. 3. Replace the transceiver module.

TEMP_LOW

Message text	[STRING]: Temperature is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_LOW: GigabitEthernet1/0/13: Temperature is low.
Explanation	The temperature of the transceiver module went below the low threshold.
Recommended action	1. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to raise the temperature. 2. Replace the transceiver module.

TEMP_NORMAL

Message text	[STRING]: Temperature is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_NORMAL: GigabitEthernet1/0/13: Temperature is normal.
Explanation	The temperature of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TX_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_OFF: GigabitEthernet1/0/13: TX_fault was removed.
Explanation	A TX fault was removed from the transceiver module.
Recommended action	No action is required.

TX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_ON: GigabitEthernet1/0/13: TX_fault was detected.
Explanation	A TX fault was detected on the transceiver module.
Recommended action	1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

TX_POW_HIGH

Message text	[STRING]: TX power is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/13: TX power is high.
Explanation	The TX power of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

TX_POW_LOW

Message text	[STRING]: TX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_LOW: GigabitEthernet1/0/13: TX power is low.
Explanation	The TX power of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

TX_POW_NORMAL

Message text	[STRING]: TX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_NORMAL: GigabitEthernet1/0/13: TX power is normal.
Explanation	The TX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TYPE_ERR

Message text	[STRING]: The transceiver type is not supported by port hardware.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/13: The transceiver type is not supported by port hardware.
Explanation	The transceiver module is not supported by the port.
Recommended action	Replace the transceiver module.

VOLT_HIGH

Message text	[STRING]: Voltage is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/VOLT_HIGH: GigabitEthernet1/0/13: Voltage is high.
Explanation	The voltage of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

VOLT_LOW

Message text	[STRING]: Voltage is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_LOW: GigabitEthernet1/0/13: Voltage is low.
Explanation	The voltage of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

VOLT_NORMAL

Message text	[STRING]: Voltage is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_NORMAL: GigabitEthernet1/0/13: Voltage is normal.
Explanation	The voltage of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

OSPF messages

This section contains OSPF messages.

OSPF_IP_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING].
Variable fields	$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name.
Severity level	6
Example	OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet0/0/3.
Explanation	The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR.
Recommended action	Modify IP address configuration after you make sure no router ID conflict occurs in the same OSPF area.

OSPF_RTRID_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: OSPF area ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_RTRID_CONFLICT_INTER

Message text	OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_DUP_RTRID_NBR

Message text	OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address.
Severity level	6
Example	OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2.
Explanation	Two directly connected devices were configured with the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_LAST_NBR_DOWN

Message text	OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING]
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason.
Severity level	6
Example	OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired.
Explanation	The device records the OSPF neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPF_MEM_ALERT

Message text	OSPF Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPF/5/OSPF_MEM_ALERT: OSPF Process received system memory alert start event.
Explanation	OSPF received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPF_NBR_CHG

Message text	OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING].
Variable fields	$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Old adjacency state. $5: New adjacency state.
Severity level	5
Example	OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down.
Explanation	The OSPF adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPF configuration errors and loss of network connectivity.

OSPF_RT_LMT

Message text	OSPF [UINT32] route limit reached.
Variable fields	$1: OSPF process ID.
Severity level	4
Example	OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached.
Explanation	The number of routes of an OSPF process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

OSPF_RTRID_CHG

Message text	OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Explanation	The OSPF router ID was changed because the user had changed the router ID or the interface IP address used as the router ID had changed.
Recommended action	Use the reset ospf process command to make the new router ID take effect.

OSPF_VLINKID_CHG

Message text	OSPF [UINT32] Router ID changed, reconfigure Vlink on peer
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer
Explanation	A new OSPF router ID takes effect.
Recommended action	Check and modify the virtual link configuration on the peer router to match the new router ID.

OSPFV3 messages

This section contains OSPFv3 messages.

OSPFV3_LAST_NBR_DOWN

Message text	OSPFv3 [UINT32] Last neighbor down event: Router ID: [STRING] Local interface ID: [UINT32] Remote interface ID: [UINT32] Reason: [STRING].
Variable fields	$1: OSPFv3 process ID. $2: Router ID. $3: Local interface ID. $4: Remote interface ID. $5: Reason.
Severity level	6
Example	OSPFV3/6/OSPFV3_LAST_NBR_DOWN: OSPFv3 1 Last neighbor down event: Router ID: 2.2.2.2 Local interface ID: 1111 Remote interface ID: 2222 Reason: Dead Interval timer expired.
Explanation	The device records the OSPFv3 neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPFV3_MEM_ALERT

Message text	OSPFV3 Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPFV3/5/OSPFV3_MEM_ALERT: OSPFV3 Process received system memory alert start event.
Explanation	OSPFv3 received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPFV3_NBR_CHG

Message text	OSPFv3 [UINT32] Neighbor [STRING] ([STRING]) received [STRING] and its state from [STRING] to [STRING].
Variable fields	$1: Process ID. $2: Neighbor router ID. $3: Interface name. $4: Neighbor event. $5: Old adjacency state. $6: New adjacency state.
Severity level	5
Example	OSPFV3/5/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100) received 1-Way and its state from Full to Init.
Explanation	The OSPFv3 adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPFv3 configuration errors and loss of network connectivity.

OSPFV3_RT_LMT

Message text	OSPFv3 [UINT32] route limit reached.
Variable fields	$1: Process ID.
Severity level	5
Example	OSPFV3/5/OSPFV3_RT_LMT:OSPFv3 1 route limit reached.
Explanation	The number of routes of an OSPFv3 process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

PBB messages

This section contains PBB messages.

PBB_JOINAGG_WARNING

Message text	Because the aggregate interface [STRING] has been configured with PBB, assigning the interface [STRING] that does not support PBB to the aggregation group will cause incorrect processing.
Variable fields	$1: Aggregation group name. $2: Interface name.
Severity level	4
Example	PBB/4/PBB_JOINAGG_WARNING: Because the aggregate interface Bridge-Aggregation1 has been configured with PBB, assigning the interface Ten-GigabitEthernet9/0/30 that does not support PBB to the aggregation group will cause incorrect processing.
Explanation	Assigning an interface that does not support PBB to an aggregation group that has been configured with PBB will cause incorrect processing. If an aggregate interface is a PBB uplink port, all its members should support PBB.
Recommended action	Remove the interface from the aggregation group.

PBR messages

This section contains PBR messages.

PBR_HARDWARE_ERROR

Message text	Failed to update policy [STRING] due to [STRING].
Variable fields	$1: Policy name. $2: Hardware error reasons: · insufficient hardware resources. · unsupported operations. · insufficient hardware resources and unsupported operations.
Severity level	4
Example	PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa due to insufficient hardware resources and not supported operations.
Explanation	The device failed to update PBR configuration.
Recommended action	Modify the PBR policy configuration according to the failure reason.

PCAPWARE messages

This section contains PCAPWARE messages.

PCAPWARE_STOP

Message text	Packet capture stopped because [STRING].
Variable fields	$1: Reason why packet capture stopped: ¡ the packet file size exceeded the storage limit. ¡ the interface went down.
Severity level	5
Example	PCAPWARE/5/PCAPWARE_STOP: Packet capture stopped because the packet file size exceeded the storage limit.
Explanation	The device stopped packet capture..
Recommended action	Use one of the following methods: · Increase the maximum storage space for .cap files on the device. · Export the existing .cap files on the device. · Save the .cap files to a remote file server. · Bring up the interface.

PCE messages

This section contains PCE messages.

PCE_PCEP_SESSION_CHG

Message text	Session ([STRING], [STRING]) is [STRING].
Variable fields	$1: Peer address of the session. $2: VPN instance name. Value unknown indicates that the VPN instance cannot be obtained. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · TCP connection down. · received a close message. The device receives a close message from the peer when the peer encounters one of the following situations: ¡ No explanation provided. (The session is closed because the idle time of the session exceeds three minutes.) ¡ DeadTimer expired. ¡ Reception of a malformed PCEP message. ¡ Reception of an unacceptable number of unknown requests/replies. ¡ Reception of an unacceptable number of unrecognized PCEP messages. · reception of a malformed PCEP message. · internal error. · memory in critical state. · dead timer expired. · process deactivated. · remote peer unavailable/untriggered. · reception of an unacceptable number of unrecognized PCEP messages. · reception of an unacceptable number of unknown requests/replies. · PCE address changed. · initialization failed.
Severity level	5
Example	PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is up. PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is down (dead timer expired).
Explanation	The session state changed.
Recommended action	When the session state is up, no action is required. When the session state is down, verify the network and configuration according to the reason displayed.

PEX messages

This section contains PEX messages.

PEX_CONFIG_ERROR

Message text	PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value ([UINT32]).
Variable fields	$1: PEX port ID. $2: PEX model. $3: Name of a PEX physical interface. $4: Maximum virtual slot or chassis number for the PEX model.
Severity level	4
Example	PEX/4/PEX_CONFIG_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value 130.
Explanation	This message is generated in the following situations: · The PEX is not assigned a virtual slot or chassis number. · The PEX is assigned a virtual slot or chassis number that is greater than the maximum value allowed for the PEX model.
Recommended action	Use the associate command to assign a valid virtual slot or chassis number to the PEX. Make sure the slot or chassis number is within the value range for the PEX model.

PEX_CONNECTION_ERROR

Message text	PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: Another PEX has been registered on the PEX port.
Variable fields	$1: PEX port ID. $2: PEX model. $3: Name of a PEX physical interface.
Severity level	4
Example	PEX/4/PEX_CONNECTION_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: Another PEX has been registered on the PEX port.
Explanation	This message is generated if a PEX port is connected to multiple PEXs.
Recommended action	Reconnect PEXs to ensure sure that only one PEX is connected to the PEX port.

PEX_LINK_BLOCK

Message text	Status of [STRING] changed from [STRING] to blocked.
Variable fields	$1: Name of a PEX physical interface. $2: Data link status of the interface.
Severity level	4
Example	PEX/4/PEX_LINK_BLOCK: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to blocked.
Explanation	Data link of the PEX physical interface has changed to blocked. The blocked state is a transitional state between forwarding and down. In blocked state, a PEX physical interface can forward protocol packets, but it cannot forward data packets. This state change occurs in one of the following situations: · Incorrect physical connection: ¡ The PEX physical links on a PEX are connected to different PEX ports on the parent device. ¡ The PEX port on the parent device contains physical links to different PEXs. · The data link is forced to the blocked state. In the startup phase, a PEX blocks the link of a PEX physical interface if the interface is physically up, but it is not used for loading startup software. · The physical state of the interface is up, but the PEX connection between the PEX and the parent device has been disconnected. The PEX and the parent device cannot receive PEX heartbeat packets from each other.
Recommended action	If a down PEX link changes from blocked to up quickly, you do not need to take action. If the link stays in blocked state, check the PEX cabling to verify that: · The PEX's all PEX physical interfaces are connected to the physical interfaces assigned to the same PEX port on the parent device. · The PEX port contains only physical links to the same PEX. If a forwarding PEX link stays in blocked state when it is changing to the down state, verify that an IRF fabric split has occurred. When an IRF fabric split occur, a PEX link is be blocked if it is connected to the Recovery-state IRF member device.

PEX_LINK_DOWN

Message text	Status of [STRING] changed from [STRING] to down.
Variable fields	$1: Name of a PEX physical interface. $2: Data link status of the interface.
Severity level	4
Example	PEX/4/PEX_LINK_DOWN: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to down.
Explanation	Data link of the PEX physical interface has changed to the down state and cannot forward any packets. The following are common reasons for this state change: · Physical link fails. · The interface is shut down administratively. · The system reboots.
Recommended action	If the interface has been shut down administratively or in the down state because of a system reboot, use the undo shutdown command to bring up the interface as needed. If the interface is down because of a physical link failure, verify that the cable has been securely connected and is in good condition.

PEX_LINK_FORWARD

Message text	Status of [STRING] changed from [STRING] to forwarding.
Variable fields	$1: Name of a PEX physical interface. $2: Data link status of the interface.
Severity level	5
Example	PEX/5/PEX_LINK_FORWARD: Status of Ten-GigabitEthernet2/0/1 changed from blocked to forwarding.
Explanation	Data link of the PEX physical interface has changed to the forwarding state and can forward data packets. This link state change occurs when one of the following events occurs: · The link is detected again after it changes to the blocked state. · The PEX finishes loading startup software images from the parent device through the interface.
Recommended action	No action is required.

PEX_REG_JOININ

Message text	PEX ([STRING]) registered successfully on PEX port [UINT32].
Variable fields	$1: Virtual slot or chassis number of a PEX. $2: PEX port ID.
Severity level	5
Example	PEX/5/PEX_REG_JOININ: PEX (slot 101) registered successfully on PEX port 1.
Explanation	The PEX has been registered successfully. You can configure and manage the PEX attached to the PEX port on the parent device as if the PEX was an interface card.
Recommended action	No action is required.

PEX_REG_LEAVE

Message text	PEX ([STRING]) unregistered on PEX port [UINT32].
Variable fields	$1: Virtual slot or chassis number of a PEX. $2: PEX port ID.
Severity level	4
Example	PEX/4/PEX_REG_LEAVE: PEX (slot 101) unregistered on PEX port 1.
Explanation	The PEX has been unregistered. You cannot operate the PEX from the parent device. A PEX unregister event occurs when one of the following events occurs: · The PEX reboots. · All physical interfaces in the PEX port are down. For example, all physical interfaces are shut down administratively, or all the physical links are disconnected. · The PEX fails to start up within 30 minutes. · Link detection fails on all physical interfaces in the PEX port.
Recommended action	If the event occurs because the PEX reboots or PEX physical interfaces are shut down administratively, use the undo shutdown command to bring up the interfaces as needed. To resolve the issue that occurs for any other reasons: · Use the display device command to verify that the virtual slot or chassis number of the PEX is present and the state is correct. · Use the display pex-port command to verify that the PEX physical interfaces are configured correctly and in a correct state. · Use the display interface command to verify that the physical state of the PEX physical interfaces is up. If the Current state field displays down, check the cabling for a physical link failure.

PEX_REG_REQUEST

Message text	Received a REGISTER request on PEX port [UINT32] from PEX ([STRING]).
Variable fields	$1: PEX port ID. $2: Virtual slot or chassis number of a PEX.
Severity level	5
Example	PEX/5/PEX_REG_REQUEST: Received a REGISTER request on PEX port 1 from PEX (slot 101).
Explanation	The PEX sent a registration request to the parent device. This event occurs when the PEX starts up after PEX configuration is completed and the PEX device is connected to the patent device correctly. The parent device will allow the PEX to load startup software images after it receives a REGISTER request.
Recommended action	No action is required.

PFILTER messages

This section contains packet filter messages.

PFILTER_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply [STRING] ACL [STRING] to the [STRING] direction of user profile [STRING]. Reason: [STRING].
Variable fields	$1: User identity. $2: ACL type. $3: ACL number or name. $4: Traffic direction. $5: User profile name. $6: Failure cause.
Severity level	3
Example	PFILTER/3/PFILTER_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply IPv4 ACL 2000 to the inbound direction of user profile u1. Reason: The resources are insufficient. PFILTER/3/ PFILTER_APPLYUSER_NO_RES: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply IPv6 ACL 2000 to the outbound direction of user profile u1. Reason: Packet filtering is not supported for user profiles.
Explanation	The system failed to apply an ACL to the user profile for packet filtering for one of the following reasons: · The resources are insufficient. · The device does not support applying an ACL to the user profile for packet filtering.
Recommended action	· If the resources are insufficient, delete some ACL rules to release resources. · If the device does not support the operation, apply the ACL to the interface on which the user comes online.

PFILTER_GLB_ RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction globally. [STRING] ACL [UINT] has already been applied globally.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: ACL type. $5: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction globally. IPv6 ACL 3000 has already been applied globally.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction globally. · Updating the ACL applied to a specific direction globally.
Recommended action	Remove the ACL of the same type.

PFILTER_GLB_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_GLB_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_IF_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions because an unknown error: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_IF_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of interface [STRING]. [STRING] ACL [UINT] has already been applied to the interface.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: Interface name. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_IF_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of interface Ethernet 3/1/2. IPv6 ACL 3000 has already been applied to the interface.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of an interface. · Updating the ACL applied to a specific direction of an interface.
Recommended action	Remove the ACL of the same type.

PFILTER_IF_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IPV6_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the packet-filter IPv6 ACL rule changed.
Recommended action	No action is required.

PFILTER_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	PFILTER/6/PFILTER_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the packet-filter IPv4 ACL rule changed.
Recommended action	No action is required.

PFILTER_VLAN_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_VLAN_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of VLAN [UINT16]. [STRING] ACL [UINT] has already been applied to the VLAN.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: VLAN ID. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of a VLAN. · Updating the ACL applied to a specific direction of a VLAN.
Recommended action	Remove the ACL of the same type.

PFILTER_VLAN_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	No action is required.

PHYD messages

This section contains PHYD messages.

DRV

Message text	-Slot=3.1; [STRING] : Detected hardware fast-forwarding status error. Info saved in [STRING]
Variable fields	$1: Slot ID. $2: Name of the file saving hardware fast-forwarding status errors.
Severity level	2
Example	PHYD/2/DRV: -Slot=3.1; chassis %d slot %d cpu 1 : Detected hardware fast-forwarding status error. Info saved in chassis(1)_slot(1)_fpga(1)_regs_dump_count_1.
Explanation	The system monitors hardware fast-forwarding status at intervals. When detecting an error, the system records the error information and displays this message.
Recommended action	Save the abnormal file and observe the card status.

Message text	-Slot=3.1; [STRING] : Detected hardware fast-forwarding status error 5 times. Rebooting now.
Variable fields	$1: Slot ID.
Severity level	2
Example	PHYD/2/DRV: -Slot=3.1; chassis %d slot %d cpu 1 : Detected hardware fast-forwarding status error 5 times. Now rebooting.
Explanation	The system monitors hardware fast-forwarding status at intervals. After detecting continuous errors for five times, the system displays this message and reboots the card.
Recommended action	After the card is rebooted, save the abnormal files and observe the service status.

Message text	-Slot=2.1; Detected receiving interface [STRING] status abnormal on hardware fast-forwarding [STRING]. Checkpoint [STRING] failed.
Variable fields	$1: Interface ID. $2: Hardware fast-forwarding engine chip ID. $3: Checkpoint ID.
Severity level	4
Example	PHYD/4/DRV: -Chassis=2-Slot=2.1; Detected receiving interface HGport[2] status abnormal on hardware fast-forwarding chip0. Checkpoint 2 failed.
Explanation	The system monitors the receiving interface status of the hardware fast forwarding at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	Detected sending interface [STRING] status abnormal on hardware fast-forwarding [STRING].
Variable fields	$1: Interface ID. $2: Hardware fast-forwarding engine chip ID.
Severity level	4
Example	PHYD/4/DRV: -Chassis=2-Slot=2.1; Detected sending interface HGport[1] status abnormal on hardware fast-forwarding chip0
Explanation	The system monitors the sending interface status of the hardware fast forwarding at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	Detected [STRING] status abnormal on hardware fast-forwarding [STRING]. Receiving status: [STRING]; sending status: [STRING].
Variable fields	$1: Interface ID. $2: Hardware fast-forwarding engine chip ID. $3: State. $4: State.
Severity level	4
Example	PHYD/4/DRV: -Chassis=2-Slot=2.1; Detected HGport[2] status abnormal on hardware fast-forwarding chip0. Receiving status:OK; sending status: ERROR.
Explanation	The system monitors the HiGig interface status of the hardware fast forwarding at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	-Slot=3.1; Detected uneven distribution of sessions on hardware fast-forwarding [STRING]. DDR[STRING]: [STRING] sessions (max); DDR [STRING]: [STRING] sessions (min).
Variable fields	$1: Hardware fast-forwarding engine chip ID. $2: DDR interface ID. $3: Number of sessions. $4: DDR interface ID. $5: Number of sessions.
Severity level	4
Example	PHYD/4/DRV: -Chassis=1-Slot=4.1; Detected uneven distribution of sessions on hardware fast-forwarding chip0. DDR[22]: 112022 sessions (max); DDR [28]: 10257 sessions (min).
Explanation	The system monitors the hardware fast forwarding session status at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	Detected [STRING] channel[STRING] ddr_mod[STRING] exintf table status abnormal
Variable fields	$1: Chip ID. $2: Channel ID. $3: DDR ID.
Severity level	4
Example	PHYD/4/DRV: -Slot=2.1; Detected chip0 channel[0] ddr mod[10] exintf table status abnormal
Explanation	The system monitors the hardware fast-forwarding entry status at intervals. When detecting an error, the system displays this message.
Recommended action	Save the abnormal file and observe the card status.

Message text	-Slot=2.3; Allocate vSystem key error, vSystem creation failed.
Severity level	4
Example	PHYD/4/DRV: -Slot=2.3; Allocate vSystem key error, vSystem creation failed.
Explanation	The number of vSystems has exceeded the limit.
Recommended action	No action is required.

Message text	-Slot=2.3; vSystem throughput limit failed to get profile index.
Severity level	4
Example	PHYD/4/DRV: -Slot=2.3; vSystem throughput limit failed to get profile index.
Explanation	The speed of profile index allocation to vSystems has exceeded the limit.
Recommended action	No action is required.

PIM messages

This section contains PIM messages.

PIM_NBR_DOWN

Message text	[STRING]: Neighbor [STRING] ([STRING]) is down.
Variable fields	$1: VPN instance name. If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name.
Severity level	5
Example	PIM/5/PIM_NBR_DOWN: Neighbor 10.1.1.1(Vlan-interface10) is down.
Explanation	A PIM neighbor went down.
Recommended action	Check the PIM configuration and network status.

PIM_NBR_UP

Message text	[STRING]: Neighbor [STRING] ([STRING]) is up.
Variable fields	$1: VPN instance name. If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name.
Severity level	5
Example	PIM/5/PIM_NBR_UP: Neighbor 10.1.1.1(Vlan-interface10) is up.
Explanation	A PIM neighbor came up.
Recommended action	No action is required.

PING messages

This section contains ping messages.

PING_STATISTICS

Message text	[STRING] statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: Number of sent echo requests. $4: Number of received echo replies. $5: Percentage of the non-replied packets to the total request packets. $6: Minimum round-trip delay. $7: Average round-trip delay. $8: Maximum round-trip delay. $9: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in the public network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down.

PING_VPN_STATISTICS

Message text	[STRING] statistics for [STRING] in VPN instance [STRING] : [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: VPN instance name. $4: Number of sent echo requests. $5: Number of received echo replies. $6: Percentage of the non-replied packets to the total request packets. $7: Minimum round-trip delay. $8: Average round-trip delay. $9: Maximum round-trip delay. $10: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in a private network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down and identify whether a valid route exists in the routing table.

PKI messages

This section contains PKI messages.

REQUEST_CERT_FAIL

Message text	Failed to request [STRING] certificate of domain [STRING].
Variable fields	$1: Certificate purpose. $2: PKI domain name.
Severity level	5
Example	PKI/5/REQUEST_CERT_FAIL: Failed to request general certificate of domain abc.
Explanation	Failed to request certificate for a domain.
Recommended action	Check the configuration of the device and CA server, and the network between them.

REQUEST_CERT_SUCCESS

Message text	Request [STRING] certificate of domain [STRING] successfully.
Variable fields	$1: Certificate purpose. $2: PKI domain name.
Severity level	5
Example	PKI/5/REQUEST_CERT_SUCCESS: Request general certificate of domain abc successfully.
Explanation	Successfully requested certificate for a domain.
Recommended action	No action is required.

PKT2CPU messages

This section contains PKT2CPU messages.

PKT2CPU_NO_RESOURCE

Message text	-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient. -Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient.
Variable fields	$1: Interface type and number. $2: Protocol type. $3: MAC address or source port. $4: Destination port.
Severity level	4
Example	PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient.
Explanation	Hardware resources were insufficient.
Recommended action	Cancel the configuration.

PKTCPT messages

This section contains packet capture messages.

PKTCPT_AP_OFFLINE

Message text	Failed to start packet capture. Reason: AP was offline.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_AP_OFFLINE: Failed to start packet capture. Reason: AP was offline.
Explanation	Packet capture failed to start because the AP configured with packet capture was offline.
Recommended action	1. Verify the AP configuration, and restart packet capture after the AP comes online. 2. If the problem persists, contact H3C Support.

PKTCPT_AREADY_EXIT

Message text	Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_AREADY_EXIT: Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation.
Explanation	When packet capture is stopped on the AC, the fit AP might be still uploading the captured frames. This message is generated when the user restarted packet capture at that time.
Recommended action	1. Restart packet capture later. 2. If the problem persists, contact H3C Support.

PKTCPT_CONN_FAIL

Message text	Failed to start packet capture. Reason: Failed to connect to the FTP server.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_CONN_FAIL: Failed to start packet capture. Reason: Failed to connect to the FTP server.
Explanation	Packet capture failed to start because the device failed to be connected to the FTP server in the same network segment.
Recommended action	1. Verify that the URL of the FTP server is valid. Possible reasons for an invalid URL include the specified IP address does not exist or is not the FTP server address, and the specified FTP server port is disabled. 2. Verify that the domain name resolution is successful. 3. Verify that the FTP server is reachable for the device configured with packet capture. 4. Verify that the FTP server is online. 5. If the problem persists, contact H3C Support.

PKTCPT_INVALID_FILTER

Message text	Failed to start packet capture. Reason: Invalid expression for matching packets to be captured.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_INVALD_FILTER: Failed to start packet capture. Reason: Invalid expression for matching packets to be captured.
Explanation	Packet capture failed to start because the capture filter expression was invalid.
Recommended action	1. Correct the capture filter expression. 2. If the problem persists, contact H3C Support.

PKTCPT_LOGIN_DENIED

Message text	Packet capture aborted. Reason: FTP server login failure.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_LOGIN_DENIED: Packet capture aborted. Reason: FTP server login failure.
Explanation	Packet capture stopped because the user failed to log in to the FTP server.
Recommended action	1. Verify the username and password. 2. If the problem persists, contact H3C Support.

PKTCPT_MEMORY_ALERT

Message text	Packet capture aborted. Reason: Memory threshold reached.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_MEMORY_ALERT: Packet capture aborted. Reason: Memory threshold reached.
Explanation	Packet capture stopped because the memory threshold was reached.
Recommended action	N/A

PKTCPT_OPEN_FAIL

Message text	Failed to start packet capture. Reason: File for storing captured frames not opened.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_OPEN_FAIL: Failed to start packet capture. Reason: File for storing captured frames not opened.
Explanation	Packer capture failed to start because the file for storing the captured frames cannot be opened.
Recommended action	1. Verify that the user has the write permission to the file. If the user does not have the write permission, assign the permission to the user. 2. Verify that the specified file has been created and is not used by another feature. If the file is used by another feature, use another file. 3. If the problem persists, contact H3C Support.

PKTCPT_OPERATION_TIMEOUT

Message text	Failed to start or continue packet capture. Reason: Operation timed out.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_OPERATION_TIMEOUT: Failed to start or continue packet capture. Reason: Operation timed out.
Explanation	This message is generated when one of the following situations occurs: · Packet capture failed to start because the FTP server in a different network segment is not reachable and the connection timed out. · Packet capture stopped because the FTP server in a different network segment is offline and uploading the captured frames timed out.
Recommended action	1. Verify that the FTP server is reachable. 2. Verify that the FTP server is online. 3. If the problem persists, contact H3C Support.

PKTCPT_SERVICE_FAIL

Message text	Failed to start packet capture. Reason: TCP or UDP port binding faults.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_SERVICE_FAIL: Failed to start packet capture. Reason: TCP or UDP port binding faults.
Explanation	Packet capture failed to start because an error occurs during TCP or UDP port binding.
Recommended action	1. Verify that Wireshark has been closed before you start packet capture. If it is not closed, close Wireshark, and then restart packet capture. 2. Bind a new TCP or UDP port, and then restart packet capture. 3. If the problem persists, contact H3C Support.

PKTCPT_UNKNOWN_ERROR

Message text	Failed to start or continue packet capture. Reason: Unknown error.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_UNKNOWN_ERROR: Failed to start or continue the packet capture. Reason: Unknown error.
Explanation	Packet capture failed to start or packet capture stopped because of an unknown error.
Recommended action	N/A

PKTCPT_UPLOAD_ERROR

Message text	Packet capture aborted. Reason: Failed to upload captured frames.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_UPLOAD_ERROR: Packet capture aborted. Reason: Failed to upload captured frames.
Explanation	Packet capture stopped because the capture failed to upload the captured frames.
Recommended action	1. Verify that the FTP working directory is not changed. 2. Verify that the user has the write permission to the file on the FTP server. 3. Verify that the FTP server is online. 4. Verify that the FTP server is reachable. 5. Verify that the FTP server has enough memory space. 6. Verify that the packet capture is not stopped during the upload of captured frames. 7. If the problem persists, contact H3C Support.

PKTCPT_WRITE_FAIL

Message text	Packet capture aborted. Reason: Not enough space to store captured frames.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_WRITE_FAIL: Packet capture aborted. Reason: Not enough space to store captured frames.
Explanation	Packet capture stopped because the memory space is not enough for storing captured frames.
Recommended action	1. Delete unnecessary files to release the space. 2. If the problem persists, contact H3C Support.

Portal messages

This section contains portal messages.

PORTAL_USER_LOGOFF

Message text	UserName=[STRING], IPAddr=[IPADDR], IfName=[STRING], OuterVLAN=[UINT16], InnerVLAN=[UINT16], MACAddr=[MAC], Reason=[STRING], Input Octets=[UINT32], Output Octets=[UINT32], Input Gigawords=[UINT32], Output Gigawords=[UINT32], IPv6Input Octets=[UINT32], IPv6Output Octets=[UINT32], IPv6 Input Gigawords=[UINT32],IPv6Output Gigawords=[UINT32], SessionTime=[UINT32]; User logged off.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Reason for user offline, see Table 12. $8: Statistics of the user's upstream IPv4 traffic, in bytes. $9: Statistics of the user's downstream IPv4 traffic, in bytes. $10: Statistics of the user's upstream IPv4 traffic. The measurement unit is 4G bytes. $11: Statistics of the user's downstream IPv4 traffic. The measurement unit is 4G bytes. $12: Statistics of the user's upstream IPv6 traffic, in bytes. $13: Statistics of the user's downstream IPv6 traffic, in bytes. $14: Statistics of the user's upstream IPv6 traffic. The measurement unit is 4G bytes. $15: Statistics of the user's downstream IPv6 traffic. The measurement unit is 4G bytes. $16: Online duration of the user, in seconds.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGOFF: -MDC=1; UserName=abc, IPAddr=1.1.1.2, IfName=Route-Aggregation1023.4000, OuterVLAN=N/A, InnerVLAN=4000, MACAddr=0230-0103-5601, Reason=User request, Input Octets=100, Output Octets=200, Input Gigawords=100, Output Gigawords=200, IPv6Input Octets=100, IPv6Output Octets=200, IPv6Input Gigawords=100, IPv6Output Gigawords=200, SessionTime=200; User logged off.
Explanation	A portal user went offline. Whether IPv6-related fields are displayed depends on the configuration of the portal user-log traffic-separate command. For more information, see portal commands in Security Command Reference.
Recommended action	Choose the recommended action according to the reason (see Table 12).

Table 12 Reasons that a user goes offline and recommended actions

Reason	Description	Recommended action
User request.	The user requested to be offline.	No action is required.
DHCP entry deleted.	The DHCP entry was deleted.	Verify that the DHCP server configuration is correct.
Idle timeout.	The traffic of the user in the specified period of time does not reach the idle cut traffic threshold.	No action is required.
Session timeout.	The user's online time has reached the session timeout time assigned by the server.	No action is required.
User detection failure.	The user failed online detection.	No action is required.
Force logout by RADIUS server.	The RADIUS server logged out the user.	No action is required.
Interface down.	· The state of the access interface became Down or Deactive. · The access interface is a VLAN interface and a Layer 2 port left the VLAN.	· Verify that a cable is correctly inserted to the user access interface, and the access interface is not shut down by using the shutdown command. · Verify that the user access interface card or subcard operates normally. · Verify that portal roaming is enabled on the user access Layer 2 Ethernet interface.
Failed to assign a user rule.	N/A.	Release memory to ensure enough hardware memory space.
Authorization info changed.	Authorization information changed for the user. For example, the authorization ACL or user profile was deleted.	No action is required.
Force logout by access device.	The device logged out the user.	Make sure portal authentication functions normally on the user access interface.
User info synchronization failure.	The device failed to synchronize user information with the server.	· Make sure the user heartbeat interval configured on the portal authentication server is not greater than the user synchronization detection timeout configured on the access device. · Verify that the server is reachable.
User recovery failure.	User information recovery failed.	· Verify that the user access interface is up. · Verify that portal authentication is enabled on the user access interface. · Verify that the session timeout timer for the user does not expire.
Authorization ACL for the online user changed.	N/A	· Verify that the authorization ACL for the user is correctly assigned. · Verify that strict checking on authorized ACLs is disabled.
Authorization user profile for the online user changed.	N/A	· Verify that the authorization user profile for the user is correctly assigned by using the display user profile command. · Verify that strict checking on authorized user profiles is disabled.
Accounting update failure.	Failed to update accounting for the user.	· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active.
Failed to start accounting.	Failed to start accounting for the user.	· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active.
User traffic reached threshold.	Traffic of the user reached the traffic threshold set by the server.	No action is required.
Authorization VPN instance deleted.	The authorization VPN instance was deleted.	No action is required.
Authorization ACL does not exist.	The authorization ACL does not exist.	Verify that the ACL is correctly configured on the device.
Failed to get physical info.	Failed to get the physical information.	No action is required.
Failed to add an ARP or ND entry for the user.	Failed to add the ARP or ND entry of the user.	No action is required.
User information does not match user profile.	The user information and the user profile do not match.	No action is required.
Authorization user profile does not exist.	The authorization user profile does not exist.	Verify that the user profile is correctly configured on the device.
Failed to issue the user rule to the AP.	Failed to issue the user rule to the AP.	No action is required.
Deleted the user for SSID switchover.	The user was logged out after SSID switchover.	No action is required.
Failed to issue an OpenFlow rule to the AP.	Failed to issue an OpenFlow rule to the AP.	No action is required.
Logged out the user after the wireless client disconnected.	The user was logged out after the wireless client was disconnected.	No action is required.
Logged out the user when a new user with the same MAC address performed MAC-trigger authentication.	The user was logged out because a new user with the same MAC address performed MAC-trigger authentication.	No action is required.
Logged out the user when a new dual-stack user with the same MAC address came online.	The user was logged out because a new dual-stack user with the same MAC address came online.	No action is required.
The portal server failed to instruct the device to change the user IP address.	The portal server failed to instruct the device to change the IP address of the user.	No action is required.
DHCP received a DHCP release packet.	The user was logged out because DHCP received a DHCP release message.	No action is required.
DHCP lease expired.	The DHCP lease of the user expired.	No action is required.
DHCP received a DHCP release packet from the WLAN roaming center.	The WLAN roaming center instructed DHCP to log out the user because of a DHCP release message.	No action is required.
WLAN roaming center instructed portal to log out the user.	The WLAN roaming center instructed portal to log out the user.	No action is required.
Logged out the user after user synchronization through WiFiDog.	Portal logged out the user after it synchronized user information through WifFiDog.	No action is required.
The cloud portal server instructed portal to log out the user.	The cloud portal server instructed portal to log out the user.	No action is required.

PORTAL_USER_LOGON_FAIL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; User failed to get online.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Login failure reason, see Table 13.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGON_FAIL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason= Authentication Failed : 4; User failed to get online.
Explanation	A portal user failed to come online.
Recommended action	Choose the recommended action according to the reason, see Table 13.

Table 13 Reasons that a user fails to come online and recommended actions

Reason	Description	Recommended action
Authorization failure.	Authorization failed, or authorization attributes deployment failed.	· Verify that the device can correctly communicate with the authorization server. · Verify that the authorization user attributes exist on the device and are correctly configured. · Verify that the device supports the authorization user attributes.
Received logout request.	The user received a logout request from the portal server during the login process.	Verify that the device can correctly communicate with the AAA server.
Authentication failure.	Authentication failed.	· Verify that the device can correctly communicate with the authentication server. · Verify that the shared key is the same on the device and the authentication server. · Verify that the username is valid. · Verify that the password for the username is correct. · Verify that the authentication domain on the device is correct.
Other error.	Unknown error.	N/A

PORTAL_USER_LOGON_SUCCESS

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]:User got online successfully.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601; User got online successfully.
Explanation	A portal user came online successfully.
Recommended action	No action is required.

PORTSEC messages

This section contains port security messages.

PORTSEC_PORTMODE_NOT_EFFECTIVE

Message text	The port security mode is configured but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	PORTSEC/3/PORTSEC_PORTMODE_NOT_EFFECTIVE: The port security mode is configured but is not effective on interface Ethernet3/1/2.
Explanation	The port security mode does not take effect on an interface, because the interface does not support this mode.
Recommended action	1. Remove the problem by using one of the following methods: ¡ Change the port security mode to another mode that is supported by the interface. ¡ Reconnect the connected devices to another interface that supports this port security mode, and configure the port security mode on the new interface. 2. If the problem persists, contact H3C Support.

PORTSEC_NTK_NOT_EFFECTIVE

Message text	The NeedToKnow feature is configured but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface Ethernet3/1/2.
Explanation	The NeedToKnow mode does not take effect on an interface, because the interface does not support the NeedToKnow mode.
Recommended action	1. Remove the problem depending on the network requirements: ¡ If the NeedToKnow feature is not required, disable the NeedToKnow feature on the interface. ¡ If the NeedToKnow feature is required, reconnect the connected devices to another interface that supports the NeedToKnow mode. Then, configure the NeedToKnow mode on the new interface. 2. If the problem persists, contact H3C Support.

POSA

This section contains POSA module messages.

POSA_TCPLISTENPORT_NOT_OPEN

Message text	Failed to open TCP listening port for terminal [STRING].
Variable fields	$1: POS terminal template ID.
Severity level	3
Example	POSA/3/POSA_TCPLISTENPORT_NOT_OPEN: Failed to open TCP listening port for terminal 1.
Explanation	The device failed to open the TCP listening port for POS terminal template 1.
Recommended action	1. Delete POS terminal template 1. 2. Re-create a POS terminal template by using an unused TCP port number.

POSA_SERVER_ALREADYACCESS

Message text	POSA service was enabled.
Variable fields	N/A
Severity level	3
Example	POSA/3/POSA_SERVER_ALREADYACCESS: POSA service was enabled.
Explanation	The POS terminal access service has been enabled. The device is ready for POS transactions.
Recommended action	No action is required.

POSA_APP_CONNECT

Message text	Application [STRING] was connected to the FEP.
Variable fields	$1: POS application template ID.
Severity level	3
Example	POSA/3/POSA_APP_CONNECT: Application 1 was connected to the FEP.
Explanation	The device has connected to the FEP for POS application 1. The device can exchange POS packets with the FEP.
Recommended action	No action is required.

POSA_APP_RESET

Message text	Application [STRING] was reset.
Variable fields	$1: POS application template ID.
Severity level	3
Example	POSA/3/POSA_APP_RESET: Application 1 was reset.
Explanation	The device has disconnected from the FEP for POS application 1.
Recommended action	Make sure the device (POS access device) and the FEP can reach each other, and verify that the settings for the POS application template are correct.

POSA_SERVER_NOTACCESS

Message text	POSA service was disabled.
Variable fields	N/A
Severity level	3
Example	POSA/3/ POSA_SERVER_NOTACCESS: POSA service was disabled.
Explanation	The POS terminal access service has been disabled.
Recommended action	Clear the POS terminal and application statistics to release memory if you disabled the POS terminal access service on purpose.

PPP messages

This section contains PPP messages.

IPPOOL_ADDRESS_EXHAUSTED

Message text	The address pool [STRING] was exhausted.
Variable fields	$1: Pool name.
Severity level	5
Example	PPP/5/IPPOOL_ADDRESS_EXHAUSTED: The address pool aaa was exhausted.
Explanation	This message is generated when the last address is assigned from the pool.
Recommended action	Add addresses to the pool.

PPPOES_MAC_THROTTLE

Message text	The MAC [STRING] triggered MAC throttle on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	5
Example	PPPOES/5/PPPOES_MAC_THROTTLE: -MDC=1; The MAC 001b-21a8-0949 triggered MAC throttle on interface GigabitEthernet1/0/1.
Explanation	The maximum number of PPPoE session requests from a user within the monitoring time reached the PPPoE access limit on the access interface. The access interface discarded the excessive requests.
Recommended action	1. Check the PPPoE access limit on the access interface that is configured by using the pppoe-server throttle per-mac command. 2. View the time left for the blocking user on the access interface by executing the display pppoe-server throttled-mac command. 3. If the problem persists, contact the support.

PPP_USER_LOGON_SUCCESS

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]; The user came online successfully.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address.
Severity level	6
Example	PPP/6/PPP_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601; The user came online successfully.
Explanation	The user has come online successfully.
Recommended action	No action is required.

PPP_USER_LOGON_FAILED

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user failed to come online.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 14).
Severity level	5
Example	PPP/5/PPP_USER_LOGON_FAILED: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Authentication failed; The user failed to come online.
Explanation	The user failed to come online.
Recommended action	See Table 14.

Table 14 Causes and recommended actions

Cause	Description	Recommended action
Authentication method error	The authentication method was configured incorrectly, possibly because the authentication method requested by users is inconsistent with the authentication method configured on the interface.	Verify that the authentication method is configured correctly.
AAA access limit reached	The upper limit of concurrent logins using the same local user name is reached.	1. Check the number of concurrent online users using the current local user name. 2. Modify the upper limit of the concurrent logins using the current local user name to a greater value by executing the access-limit command.
The local user does not exist	The local user was not configured.	1. Verify that the dial-in user is a legal user. 2. Add the local user if the user is a legal user but the corresponding local user does not exist on the device.
Local authentication failed: wrong password	The local authentication was rejected because of the incorrect password.	1. Verify that the username is correct. 2. Verify that the password is correct.
No AAA response during authentication	The device did not receive an AAA response from the authentication server during the authentication timeout time.	1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly. 3. Verify that the shared key on the device is the same as the shared key on the authentication server.
RADIUS authentication reject	The RADIUS server returned an access-reject packet.	1. Verify that the username is correct. 2. Verify that the password is correct.
AAA authorization information error	Failed to add user authorization information.	Verify that the authorization attributes deployed by the authorization server exist on the device and are configured correctly.
Authentication request to AAA failed	The device failed to send the authentication request to the AAA server.	1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly.
Accounting request to AAA failed	The device failed to send the accounting request to the AAA server.	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No authentication ACK from AAA	The device failed to receive the authentication acknowledgment packet from the AAA server.	1. Verify that the device communicates with the authentication server correctly. 2. Verify that the authentication server operates correctly.
TACACS authentication reject	The TACACS server returned an access-reject packet.	1. Verify that the username is correct. 2. Verify that the password is correct.

PPP_USER_LOGOFF

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 15).
Severity level	6
Example	PPP/6/PPP_USER_LOGOFF: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Use request; The user logged off.
Explanation	The user has gone offline normally.
Recommended action	No action is required.

Table 15 Causes

Cause	Description
User request	The user connection was terminated at the user's request.

PPP_USER_LOGOFF_ABNORMAL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; The user logged off abnormally.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Cause (see Table 16).
Severity level	6
Example	PPP/6/PPP_USER_LOGOFF_ABNORMAL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000-OuterVLAN=1000-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=Lost Carrier; The user logged off abnormally.
Explanation	The user has gone offline abnormally.
Recommended action	See Table 16.

Table 16 Causes and recommended actions

Cause	Description	Recommended action
Lost carrier	The keepalive packets were lost, possibly because the link between the user device and the device connecting to the BAS fails.	Save the related log information locally and contact the support.
Lost service	The service server (for example, L2TP) terminated the service.	No action is required.
Admin reset	The user session was temporarily terminated by the administrator by executing the shutdown command because of management reasons.	No action is required.
BAS request	Unknown reasons.	Save the related log information locally and contact the support.
Session timeout	The user session timed out.	Notify the user that the traffic quota is used up or to renew the user account.
Traffic quota limit reached	The user traffic limit was reached.	Notify the user that the traffic is used up or to renew the user account.
Logged off by the RADIUS server	The AAA server logged off the user.	No action is required.
Accounting update failure	The accounting update failed.	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No AAA response during realtime accounting	The user did not receive the response from the accounting server during the timeout time. (In the realtime accounting phase.)	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No AAA response for accounting start	The user did not receive the response from the accounting server during the timeout time. (In the accounting start phase.)	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
No AAA response for accounting stop	The user did not receive the response from the accounting server during the timeout time. (In the accounting stop phase.)	1. Verify that the device communicates with the accounting server correctly. 2. Verify that the accounting server operates correctly.
PPP negotiation terminated	The PPP negotiation was terminated.	Verify that the configuration is correct.
Repeated LCP negotiation packets	Repeated LCP negotiation packets were received.	Disconnect the client and initiate a connection again.
The interface that the user accesses goes down	N/A.	1. Verify that the network cable of the user access interface is correctly connected. 2. Verify the user access card or subcard has no errors or is in position.
The interface that the user accesses is shut down	N/A.	Verify that the shutdown command is not executed on the user access interface.
Session idle cut	The user traffic did not reach the threshold within the specified period.	No action is required.

PREPROVISION messages

This section contains preprovision messages.

PREPROVISION_SLOT_MISMATCH

Message text	Preprovision check on slot [UINT32] failed because of mismatching model or interface information: Preprovisioned model=[STRING], installed model=[STRING]. Preprovisioned interface type=[STRING], actual interface type=[STRING].
Variable fields	$1: Slot number of a member device. $2: Model of a preprovisioned device. $3: Model of an installed device. $4: Preprovisioned interface information on a member device. $5: Preprovisioned interface information on a member device.
Severity level	3
Example	PREPROVISION/3/PREPROVISION_SLOT_MISMATCH: Preprovision check on slot 2 failed because of mismatching model or interface information: Preprovisioned model=MPU, installed model=MPU. Preprovisioned interface type=GE-GE, actual interface type=XGE-XGE.
Explanation	Preprovisioning check failed because the model of the installed member device is not consistent with the preprovisioned model or the actual interface information is not consistent with preprovisioned interface information.
Recommended action	Install a member device of the specified model.

PREPROVISION_SUBSLOT_MISMATCH

Message text	Preprovision check on slot [UINT32] subslot [UINT32] failed because of mismatching model or interface information: Preprovisioned model=[STRING], installed model=[STRING]. Preprovisioned interface type=[STRING], actual interface type=[STRING].
Variable fields	$1: Slot number of a member device. $2: Subslot number of a subcard. $3: Model of a preprovisioned subcard. $4: Model of an installed subcard. $5: Preprovisioned interface information on a subcard. $6: Actual interface information on a subcard.
Severity level	3
Example	PREPROVISION/3/PREPROVISION_SLOT_MISMATCH: Preprovision check on slot 2 subslot 1 failed because of mismatching model or interface information: Preprovisioned model=EXTEND-CARD, installed model= EXTEND-CARD. Preprovisioned interface type=XGE, actual interface type=GE.
Explanation	Preprovisioning check failed because the model of the installed subcard is not consistent with the preprovisioned model or the actual interface information is not consistent with preprovisioned interface information.
Recommended action	Install a subcard of the specified model.

PTS

This section contains Platform Trust Services (PTS) messages.

PTS_AK_AUTH_FAILED

Message text	Inconsistent authorization data for attestation key [STRING].
Variable fields	$1: AK name.
Severity level	4
Example	PTS/4/PTS_AK_AUTH_FAILED: Inconsistent authorization data for attestation key abc.
Explanation	The authorization data specified for the integrity report attestation-key command is different from the authorization data specified for the AK when the AK was created. The command for creating a key is key create.
Recommended action	Specify the same authorization data for the integrity report attestation-key command as the authorization data you specified when you created the key.

PTS_AK_INVALID

Message text	The attestation key [STRING] is incorrect.
Variable fields	$1: AK name.
Severity level	4
Example	PTS/4/PTS_AK_INVALID: The attestation key abc is incorrect.
Explanation	The specified AK is invalid.
Recommended action	Specify a valid AK for TC reporting.

PTS_AK_NO_CERT

Message text	No certificate file found for attestation key [STRING].
Variable fields	$1: AK name.
Severity level	4
Example	PTS/4/PTS_AK_NO_CERT: No certificate file found for attestation key abc.
Explanation	No certificate was found for the AK.
Recommended action	Use the manager to sign an AK certificate for the AK of the device.

PTS_AK_NO_EXIST

Message text	Attestation key [STRING] doesn't exist.
Variable fields	$1: AK name.
Severity level	4
Example	PTS/4/PTS_AK_NO_EXIST: The attestation key abc doesn't exist.
Explanation	The AK does not exist.
Recommended action	Use the key create command to create the AK.

PTS_AK_NO_LOAD

Message text	The attestation key [STRING] is not loaded.
Variable fields	$1: AK name.
Severity level	4
Example	PTS/4/PTS_AK_NO_LOAD: The attestation key abc is not loaded.
Explanation	The AK is not loaded to the TC chip.
Recommended action	Use the key load command to load the AK to the TC chip.

PTS_BTW_PCR_FAILED

Message text	Hash value computed based on BootWare IML is not consistent with that in PCR ([UINT]).
Variable fields	$1: PCR index.
Severity level	4
Example	PTS/4/PTS_BTW_PCR_FAILED: Hash value computed based on BootWare IML is not consistent with that in PCR(0).
Explanation	The hash value computed by using the BootWare IML for the basic or extended segment is different from the hash value stored in the PCR. The BootWare is not trustworthy.
Recommended action	Contact H3C Support.

PTS_CHECK_RM_VERSION_FAILED

Message text	Version the RM file [STRING] is not supported.
Variable fields	$1: RM file name.
Severity level	4
Example	PTS/4/PTS_CHECK_RM_VERSION_FAILED: Version the RM file BOOTWARE_BASIC_52B.rm is not supported.
Explanation	The device does not support the RM file version.
Recommended action	Contact H3C Support.

PTS_CREATE_AGED_TIMER_FAILED

Message text	Failed to create PTS session ageing timer.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_CREATE_AGED_TIMER_FAILED: Failed to create PTS session ageing timer.
Explanation	PTS failed to create the session aging timer.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_CREATE_CHECK_TIMER_FAILED

Message text	Failed to create server check timer.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_CREATE_CHECK_TIMER_FAILED: Failed to create server check timer.
Explanation	PTS failed to create the server check timer.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_CREATE_CONTEXT_FAILED

Message text	Failed to create TSS context.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_CREATE_CONTEXT_FAILED: Failed to create TSS context.
Explanation	PTS failed to create the TPM software stack context.
Recommended action	Contact H3C Support.

PTS_CREATE_EPOLL_FAILED

Message text	Failed to create epoll service.
Variable fields	N/A
Severity level	3
Example	PTS/3/PTS_CREATE_EPOLL_FAILED: Failed to create epoll service.
Explanation	PTS failed to create the epoll service.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_CREATE_HASH_FAILED

Message text	Failed to create hash table.
Variable fields	N/A
Severity level	3
Example	PTS/3/PTS_CREATE_HASH_FAILED: Failed to create hash table.
Explanation	PTS failed to create the hash table.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_CREATE_SELFVERIFY_COUNTER_FAILED

Message text	Failed to create selfverify counter.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_CREATE_SELFVERIFY_COUNTER_FAILED: Failed to create selfverify counter.
Explanation	PTS failed to create the integrity self-verification IML counter. The integrity self-verification feature is not available.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_CREATE_SELFVERIFY_TIMER_FAILED

Message text	Failed to create selfverify timer.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_CREATE_SELFVERIFY_TIMER_FAILED: Failed to create selfverify timer.
Explanation	PTS failed to create the integrity self-verification timer. The periodic integrity self-verification feature is not available.
Recommended action	· Contact H3C Support. · Use the integrity selfverify command to manually perform an integrity self-verification.

PTS_CREATE_SOCKET_FAILED

Message text	Failed to create socket service.
Variable fields	N/A
Severity level	3
Example	PTS/3/PTS_CREATE_SOCKET_FAILED: Failed to create socket service.
Explanation	PTS failed to create the socket service.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_CREATE_TIMER_FAILED

Message text	Failed to create timer.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_CREATE_TIMER_FAILED: Failed to create timer.
Explanation	PTS failed to create a timer. PTS generates this log message whenever it fails to create a timer.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_FILE_HASH_FAILED

Message text	Hash value of file [STRING] is not consistent with that in the RM file.
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	PTS/4/PTS_FILE_HASH_FAILED: Hash value of file /sbin/ls is not consistent with that in the RM file.
Explanation	The hash value computed for the specified file is different from the hash value of the file stored in the RM file. The file is not trustworthy.
Recommended action	Contact H3C Support.

PTS_LOAD_KEY_FAILED

Message text	Failed to load attestation key [STRING].
Variable fields	$1: AK name.
Severity level	4
Example	PTS/4/PTS_LOAD_KEY_FAILED: Failed to load attestation key abc.
Explanation	PTS failed to load the AK name to the TPM.
Recommended action	1. Verify that the AK exists and is enabled. To display AK information, use the display tcsm key name command. 2. If the problem persists, contact H3C Support.

PTS_PARSE_IML_FAILED

Message text	Failed to parse IML.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_PARSE_IML_FAILED: Failed to parse IML.
Explanation	PTS failed to parse an IML.
Recommended action	1. Execute the undo pts command and the pts command in turn to restart the PTS service. 2. If the problem persists, contact H3C Support.

PTS_PKG_PCR_FAILED

Message text	Hash value computed based on Package IML is not consistent with that in PCR ([UINT]).
Variable fields	$1: PCR index.
Severity level	4
Example	PTS/4/PTS_PKG_PCR_FAILED: Hash value computed based on Package IML is not consistent with that in PCR (12).
Explanation	The hash value computed by using the Comware image IML is different from the hash value stored in the PCR. The Comware images are not trustworthy.
Recommended action	Contact H3C Support.

PTS_READ_PCR_FAILED

Message text	Failed to read PCR ([UINT]).
Variable fields	$1: PCR index.
Severity level	4
Example	PTS/4/PTS_READ_PCR_FAILED: Failed to read PCR(0).
Explanation	PTS failed to read PCR data.
Recommended action	Contact H3C Support.

PTS_RM_FILE_FAILED

Message text	Wrong signature for RM file [STRING].
Variable fields	$1: RM file name.
Severity level	4
Example	PTS/4/PTS_RM_FILE_FAILED: Wrong signature for RM file BOOTWARE_BASIC_52B.rm.
Explanation	The signature for the RM file is incorrect.
Recommended action	Contact H3C Support.

PTS_RUNTIME_PCR_FAILED

Message text	Hash value computed based on runtime IML is not consistent with that in PCR ([UINT]).
Variable fields	$1: PCR index.
Severity level	4
Example	PTS/4/PTS_RUNTIME_PCR_FAILED: Hash value computed based on runtime IML is not consistent with that in PCR (10).
Explanation	The hash value computed by using the runtime IML is different from the hash value stored in the PCR. The runtime-related executable files are not trustworthy.
Recommended action	Contact H3C Support.

PTS_SELFVERIFY_FAILED

Message text	Failed to start integrity selfverify. Reason: TPM doesn't exist or isn't enabled.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_SELFVERIFY_FAILED: Failed to start integrity selfverify because TPM does not exist or is not enabled.
Explanation	Because the TPM did not exist or was disabled, the integrity self-verification failed.
Recommended action	Verify that the TPM is available. To display relevant information, use the display tcsm trusted-computing-chip command.

PTS_SELFVERIFY_START_FAILED

Message text	Failed to start selfverify.
Variable fields	N/A
Severity level	4
Example	PTS/4/PTS_SELFVERIFY_START_FAILED: Failed to start selfverify.
Explanation	PTS failed to start integrity self-verification.
Recommended action	1. Start integrity self-verification again. 2. If the problem persists, contact H3C Support.

PTS_TEMPLATE_HASH_FAILED

Message text	Calculated template hash value of [STRING] is not consistent with that in IML.
Variable fields	$1: Name of the file of which you want to measure the integrity.
Severity level	4
Example	PTS/4/PTS_TEMPLATE_HASH_FAILED: Calculated template hash value of /sbin/ls is not consistent with that in IML.
Explanation	The template hash value computed by using parameters including the measurement time and the hash value of the program file is different from the template hash value in the IML. The IML might have been tempered with.
Recommended action	Contact H3C Support.

PWDCTL messages

This section contains password control messages.

PWDCTL_ADD_BLACKLIST

Message text	[STRING] was added to the blacklist for wrong password input.
Variable fields	$1: Username.
Severity level	6
Example	PWDCTL/6/PWDCTRL_ADD_BLACKLIST: hhh was added to the blacklist for wrong password input..
Explanation	The user entered an incorrect password. It failed to log in to the device and was added to the password control blacklist.
Recommended action	No action is required.

PWDCTL_CHANGE_PASSWORD

Message text	[STRING] changed the password because [STRING].
Variable fields	$1: Username. $2: The reasons for changing password. ¡ it was the first login of the account. ¡ the password had expired. ¡ the password was too short. ¡ the password was not complex enough. ¡ the password was default password.
Severity level	6
Example	PWDCTL/6/PWDCTL_CHANGE_PASSWORD: hhh changed the password because It is the first login of the account.
Explanation	The user changed the password for some reason. For example, the user changed the password because it is the first login of the user's account.
Recommended action	No action is required.

PWDCTL_DELETEBLACLIST

Message text	User [STRING] was deleted from blacklist.
Variable fields	$1: Username.
Severity level	3
Example	PWDCTL/3/PWDCTL_DELETEBLACLIST: User hhh was deleted from blacklist.
Explanation	The user account was removed from the blacklist.
Recommended action	No action is required.

PWDCTL_FAILED_COPYFILE

Message text	Failed to copy the password records to all backup files.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_FAILED_COPYFILE: Failed to copy the password records to backup file.
Explanation	The device failed to copy a password to a file on the standby MPU.
Recommended action	Verify that the storage space of the file system on the standby MPU is sufficient.

PWDCTL_FAILED_PROCMSG

Message text	Failed to process request message.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_FAILED_PROCMSG: Failed to process request message.
Explanation	The password management daemon failed to process a request message.
Recommended action	Contact Technical Support.

PWDCTL_FAILED_TO_WRITEPWD

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	6
Example	PWDCTL/6/PWDCTL_FAILED_TO_WRITEPWD: Failed to write the password records to file.
Explanation	The device failed to write a password to a file.
Recommended action	Check the file system of the device for memory space insufficiency.

PWDCTL_LOCKBLACKLIST

Message text	User [STRING] was [STRING] minutes for achieve maximum login attempts.
Variable fields	$1: Username. $2: The locking action to be taken after the user fails the maximum number of consecutive login attempts: · locked in [UNIT32] minutes—Locks the user account for a period of time. When the locking timer expires, users can use this user account to log in. · permanently locked—Locks the user account permanently.
Severity level	3
Example	1. PWDCTL/3/PWDCTL_LOCKBLACKLIST: User hhh was locked in 1 minutes for achieve maximum login attempts. 2. PWDCTL/3/PWDCTL_LOCKBLACKLIST: User hhh was permanently locked for achieve maximum login attempts.
Explanation	The action to be taken after the user fails the maximum number of consecutive login attempts depends on the password-control login-attempt exceed command.
Recommended action	No action is required.

PWDCTL_NOTIFYWRITEFILE

Message text	Notification of writing password records to file failed.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_NOTIFYWRITEFILE: Notification of writing password records to file failed.
Explanation	The device failed to deliver the notification of writing a password to a file.
Recommended action	Contact Technical Support.

PWDCTL_RECFORMATCONV

Message text	Failed to convert the password record format.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_RECFORMATCONV: Failed to convert the password record format.
Explanation	Converting password record format failed.
Recommended action	Contact Technical Support.

PWDCTL_UNLOCKBLACKLIST

Message text	User [STRING] was unlocked due to lock-time aged.
Variable fields	$1: Username.
Severity level	3
Example	PWDCTL/3/PWDCTL_UNLOCKBLACKLIST: User hhh was unlocked due to lock-time aged.
Explanation	The user account is unlocked after the locking timer expires.
Recommended action	No action is required.

PWDCTL_UPDATETIME

Message text	Last login time updated after clock update.
Variable fields	N/A
Severity level	6
Example	PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update.
Explanation	The most recent login time has been updated.
Recommended action	No action is required.

PWDCTL_USERINLOCKING

Message text	User [STRING] is locking for maximum times failure logged in.
Variable fields	$1: Username.
Severity level	3
Example	PWDCTL/3/PWDCTL_USERINLOCKING: User hhh is locking for maximum times failure logged in.
Explanation	The user makes login attempts during the locking period after the maximum number of consecutive login attempts is reached.
Recommended action	No action is required.

QOS messages

This section contains QoS messages.

QOS_AUTHCAR_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the authorized CAR to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Failure cause: ¡ The resources are insufficient.
Severity level	4
Example	QOS/4/QOS_AUTHCAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the authorized CAR to the user. Reason: The resources are insufficient.
Explanation	This message is generated in the following situations: · The DAE client fails to issue the authorized CAR action when a user comes online. · The DAE client fails to modify the authorized CAR action for online user.
Recommended action	Modify the parameters of the authorized CAR action.

QOS_CAR_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: Profile type. $4: Profile name. $5: Failure cause: ¡ The resources are insufficient.
Severity level	4
Example	QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a CAR policy when a user went online. · Modify a configured CAR policy or configure a new CAR policy when a user is online.
Recommended action	Delete the CAR policy from the profile or modify the parameters of the CAR policy.

QOS_CBWFQ_REMOVED

Message text	CBWFQ is removed from [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1.
Explanation	CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ.
Recommended action	Increase the bandwidth or speed and apply the removed CBWFQ again.

QOS_GTS_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply GTS in user profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: User profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply GTS in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a GTS action when a user went online. · Modify a configured GTS action or configure a new GTS action when a user is online.
Recommended action	Delete the GTS action from the user profile or modify the parameters of the GTS action.

QOS_NOT_ENOUGH_BANDWIDTH

Message text	Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING].
Variable fields	$1: Policy name. $2: Required bandwidth for CBWFQ. $3: Available bandwidth on an interface. $4: Interface name.
Severity level	3
Example	QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1.
Explanation	Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ.
Recommended action	Increase the maximum bandwidth configured for the interface or set lower bandwidth required for CBWFQ.

QOS_POLICY_APPLYCOPP_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: Slot number. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a control plane. · Update a classifier-behavior association applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYCOPP_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a control plane. · Update a QoS policy applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction globally. · Update a classifier-behavior association applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction globally. · Update a QoS policy applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause: ¡ The behavior is empty. ¡ The classifier is empty.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of an interface. · Update a classifier-behavior association applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of an interface. · Update a QoS policy applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user.Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: QoS policy name. $4: User profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user.Reason: The QoS policy is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a QoS policy when a user went online. · Modify an applied QoS policy or apply a new QoS policy when a user is online.
Recommended action	Remove the QoS policy from the user profile or modify the parameters of the QoS policy.

QOS_POLICY_APPLYVLAN_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: VLAN ID. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a VLAN. · Update a classifier-behavior association applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYVLAN_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Application direction. $3: VLAN ID. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a VLAN. · Update a QoS policy applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_QMPROFILE_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply queue management profile [STRING] in session group profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Queue scheduling profile name. $3: Session group profile name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue management profile b in session group profile a to the user. Reason: The QMProfile is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a queue scheduling profile when a user went online. · Modify an applied queue scheduling profile or apply a new queue scheduling profile when a user is online.
Recommended action	Remove the queue scheduling profile from the session group profile or modify the parameters of the queue scheduling profile.

QOS_QMPROFILE_MODIFYQUEUE_FAIL

Message text	Failed to configure queue [UINT32] in queue management profile [STRING]. [STRING].
Variable fields	$1: Queue ID. $2: Profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue management profile myqueue. The value is out of range.
Explanation	The system failed to modify a queue in a queue scheduling profile successfully applied to an interface because the new parameter was beyond port capabilities.
Recommended action	Remove the queue scheduling profile from the interface, and then modify the parameters for the queue.

QOS_POLICY_REMOVE

Message text	QoS policy [STRING] failed to be applied to [STRING].
Variable fields	$1: QoS policy name. $2: A hub-spoke tunnel on a tunnel interface.
Severity level	4
Example	QOS/4/QOS_POLICY_REMOVE: QoS policy p1 failed to be applied to ADVPN session Tunnel1 192.168.0.3.
Explanation	This message is generated when a QoS policy applied to a hub-spoke tunnel on a tunnel interface failed to be modified.
Recommended action	Check the configuration according to the failure cause.

QOS_POLICY_ACTIVATE

Message text	QoS policy [STRING] was successfully applied to [STRING].
Variable fields	$1: QoS policy name. $2: A hub-spoke tunnel on a tunnel interface.
Severity level	4
Example	QOS/4/QOS_POLICY_ACTIVATE: QoS policy p1 was successfully applied to ADVPN session Tunnel1 192.168.0.3.
Explanation	This message is generated when a QoS policy applied to a hub-spoke tunnel on a tunnel interface is successfully modified.
Recommended action	No action is required.

RADIUS messages

This section contains RADIUS messages.

RADIUS_ACCT_SERVER_DOWN

Message text	RADIUS accounting server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	4
Example	RADIUS/4/RADIUS_ACCT_SERVER_DOWN: RADIUS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An accounting server became blocked.
Recommended action	1. Verify that the accounting server has started up. 2. Ping the accounting server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support.

RADIUS_ACCT_SERVER_UP

Message text	RADIUS accounting server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	6
Example	RADIUS/6/RADIUS_ACCT_SERVER_UP: RADIUS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An accounting server became active.
Recommended action	No action is required.

RADIUS_AUTH_FAILURE

Message text	User [STRING] at [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system at 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the RADIUS server.
Recommended action	No action is required.

RADIUS_AUTH_SERVER_DOWN

Message text	RADIUS authentication server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	4
Example	RADIUS/4/RADIUS_AUTH_SERVER_DOWN: RADIUS authentication server was blocked: Server IP= 1.1.1.1, port=1812, VPN instance=public.
Explanation	An authentication server became blocked.
Recommended action	1. Verify that the authentication server has started up. 2. Ping the authentication server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support.

RADIUS_AUTH_SERVER_UP

Message text	RADIUS authentication server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	6
Example	RADIUS/6/RADIUS_AUTH_SERVER_UP: RADIUS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An authentication server became active.
Recommended action	No action is required.

RADIUS_AUTH_SUCCESS

Message text	User [STRING] at [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system at 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the RADIUS server.
Recommended action	No action is required.

RADIUS_REMOVE_SERVER_FAIL

Message text	Failed to remove servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	RADIUS/4/RADIUS_REMOVE_SERVER_FAIL: Failed to remove servers in scheme abc.
Explanation	Failed to remove servers from a RADIUS scheme.
Recommended action	No action is required.

RBM messages

This section contains RBM messages for the hot backup module.

CFG_BATCH_SYNC

Message text	Configuration synchronization didn't complete due to configuration file sending exception.
Variable fields	N/A
Severity level	6
Example	RBM/6/ CFG_BATCH_SYNC: -Context=1; Configuration synchronization didn't complete due to configuration file sending exception.
Explanation	The device failed to synchronize configuration with the peer because an exception occurred in sending configuration files.
Recommended action	Manually back up configuration to the peer.

CFG_BATCH_SYNC

Message text	Started batch configuration synchronization.
Variable fields	N/A
Severity level	6
Example	RBM/6/ CFG_BATCH_SYNC: -Context=1; Started batch configuration synchronization.
Explanation	The device started to bulk back up configuration to the peer.
Recommended action	Do not perform any operation on the device during bulk configuration backup.

CFG_BATCH_SYNC

Message text	Finished batch configuration synchronization.
Variable fields	N/A
Severity level	6
Example	RBM/6/ CFG_BATCH_SYNC: -Context=1; Finished batch configuration synchronization.
Explanation	Bulk configuration synchronization finished.
Recommended action	No action is required.

CFG_BATCH_SYNC

Message text	Configuration synchronization failed! Device Role both is primary.
Variable fields	N/A
Severity level	6
Example	RBM/6/ CFG_BATCH_SYNC: -Context=1; Configuration synchronization failed! Device Role both is primary.
Explanation	Configuration backup failed because both the device and its peer were primary devices.
Recommended action	Assign the secondary role to the device or the peer.

CFG_COMPARE

Message text	Started configuration consistency check.
Variable fields	N/A
Severity level	6
Example	RBM/6/CFG_COMPARE: Started configuration consistency check.
Explanation	The configuration consistency check started.
Recommended action	No action is required.

CFG_COMPARE

Message text	Finished configuration consistency check.
Variable fields	N/A
Severity level	6
Example	RBM/6/CFG_COMPARE: Finished configuration consistency check.
Explanation	The configuration consistency check finished.
Recommended action	No action is required.

CFG_COMPARE

Message text	The following modules have inconsistent configuration: [STRING].
Variable fields	$1: Module name.
Severity level	6
Example	RBM/6/CFG_COMPARE: The following modules have inconsistent configuration: NAT.
Explanation	The configuration consistency check result was displayed.
Recommended action	No action is required.

CFG_COMPARE

Message text	Configuration consistency check didn't complete due to configuration file sending exception.
Variable fields	N/A
Severity level	6
Example	RBM/6/CFG_COMPARE: -Context=1; Configuration consistency check didn't complete due to configuration file sending exception.
Explanation	Configuration consistency check failed because an exception occurred in sending configuration files.
Recommended action	Manually perform configuration consistency check.

RBM_CFG_COMPARE_FAILED

Message text	Configuration consistency check failed because the context or card restarted during the check process.
Variable fields	N/A
Severity level	6
Example	RBM/6/RBM_CFG_COMPARE_FAILED: -Context=1; Configuration consistency check failed because the context or card restarted during the check process.
Explanation	The device failed to perform configuration consistency check, because a context or card restarted during the check process.
Recommended action	Manually perform configuration consistency check.

RBM_CFG_COMPARE_FAILED

Message text	Configuration synchronization failed because the context or card restarted during the synchronization process.
Variable fields	N/A
Severity level	6
Example	RBM/6/RBM_CFG_COMPARE_FAILED: -Context=1; Configuration synchronization failed because the context or card restarted during the synchronization process.
Explanation	The device failed to synchronize configuration in bulk, because a context or card restarted during the synchronization process.
Recommended action	Manually perform configuration synchronization.

RBM_CFG_CONFLICT_INTERFACE

Message text	VRRP collaboration does not take effect, because track interface monitoring configuration exists. Please remove track interface monitoring configuration.
Variable fields	N/A
Severity level	1
Example	RBM/1/ RBM_CFG_CONFLICT_INTERFACE: -Context=1; VRRP collaboration does not take effect, because track interface monitoring configuration exists. Please remove track interface monitoring configuration.
Explanation	RBM cannot collaborate with VRRP, because interface monitoring configuration exists.
Recommended action	Delete the interface monitoring configuration.

RBM_CFG_CONFLICT_VLAN

Message text	VRRP collaboration or routing protocol collaboration does not take effect, because track VLAN monitoring configuration exists. Please remove track VLAN monitoring configuration.
Variable fields	N/A
Severity level	1
Example	RBM/1/ RBM_CFG_CONFLICT_VLAN: -Context=1; VRRP collaboration or routing protocol collaboration does not take effect, because track VLAN monitoring configuration exists. Please remove track VLAN monitoring configuration.
Explanation	RBM cannot collaborate with VRRP or routing protocols, because VLAN monitoring configuration exists.
Recommended action	Delete the VLAN monitoring configuration.

RBM_CHANNEL

Message text	Local IP=[STRING], remote IP=[STRING], status=[STRING].
Variable fields	$1: Local IPv4 address used for setting up the RBM control channel. $2: Peer IPv4 address used for setting up the RBM control channel. $3: Status of the RBM control channel. · Connected. · Disconnected.
Severity level	1
Example	RBM/1/RBM_CHANNEL: Local IP=1.1.1.1, remote IP=1.1.1.2, status=Connected.
Explanation	The device displayed information about the RBM control channel.
Recommended action	If the RBM control channel is disconnected, verify that the local and peer IPv4 addresses are correct and verify network connectivity between the device and its peer.

RBM_CHANNEL

Message text	Local IPv6=[STRING], remote IPv6=[STRING], status=[STRING].
Variable fields	$1: Local IPv6 address used for setting up the RBM control channel. $2: Peer IPv6 address used for setting up the RBM control channel. $3: Status of the RBM control channel. · Connected. · Disconnected.
Severity level	1
Example	RBM/1/RBM_CHANNEL: Local IPv6=2001::1, remote IPv6=2001::2,status=Connected.
Explanation	The device displayed information about the RBM control channel.
Recommended action	If the RBM control channel is disconnected, verify that the local and peer IPv4 addresses are correct and verify network connectivity between the device and its peer.

RBM_CHANNEL_BIND_FAILED

Message text	Failed to bind IP address [STRING] and port [UINT16] to the RBM channel.
Variable fields	$1: IP address. $2: Port number.
Severity level	6
Example	RBM/6/RBM_CHANNEL_BIND_FAILED: -Context=1; Failed to bind IP address 1.1.1.2 and port 50001 to the RBM channel.
Explanation	Failed to bind the IP address and port number to the RBM channel. The port has been used by another application.
Recommended action	Modify the local IP address or the port number associated with the peer IP address.

RBM_CHANNEL_TEST_RECV_REPLY

Message text	Received a test reply message, seq= [STRING].
Variable fields	$1: Sequence number of the test.
Severity level	5
Example	RBM/5/RBM_CHANNEL_TEST_RECV_REPLY: -Context=1; Received a test reply message, seq=0
Explanation	After the system internal remote-backup-group channel test command was executed, the local end received a reply message from the peer end.
Recommended action	No action is required.

RBM_CHANNEL_TEST_RECV_REQUEST

Message text	Received a test request message, seq=[STRING].
Variable fields	$1: Sequence number of the test.
Severity level	5
Example	RBM/5/RBM_CHANNEL_TEST_RECV_REQUEST: -Context=1; Received a test request message, seq=0
Explanation	The local end received a message about the execution of the control channel connectivity test on the peer end.
Recommended action	No action is required.

RBM_CHANNEL_TEST_SENT

Message text	Sent a test request message, seq= [STRING].
Variable fields	$1: Sequence number of the test.
Severity level	5
Example	RBM/5/RBM_CHANNEL_TEST_SENT: -Context=1; Sent a test request message, seq=0.
Explanation	After the system internal remote-backup-group channel test command was executed, the local end sent a test request message.
Recommended action	No action is required.

RBM_DEL_SWITCHOVER_VRRP_IPV4

Message text	The switchover vrrp command was deleted for VRRP group [STRING] on the local device. The command has been configured on the peer.
Variable fields	$1: VRRP group ID.
Severity level	6
Example	RBM/6/RBM_DEL_SWITCHOVER_VRRP_IPV4: -Context=1; The switchover vrrp command was deleted for VRRP group 1 on the local device. The command has been configured on the peer.
Explanation	The switchover vrrp command was deleted for a VRRP group on the local secondary device, because this command had been executed on the peer primary device.
Recommended action	No action is required.

RBM_DEL_SWITCHOVER_VRRP_IPV6

Message text	The switchover vrrp ipv6 command was deleted for VRRP group [STRING] on the local device. The command has been configured on the peer.
Variable fields	$1: VRRP group ID.
Severity level	6
Example	RBM/6/RBM_DEL_SWITCHOVER_VRRP_IPV6: -Context=1; The switchover vrrp ipv6 command was deleted for VRRP group 1 on the local device. The command has been configured on the peer.
Explanation	The switchover vrrp ipv6 command was deleted for a VRRP group on the local secondary device, because this command had been executed on the peer primary device.
Recommended action	No action is required.

RBM_RUNNING_STATUS_CHANGED

Message text	RBM running status changed to [STRING].
Variable fields	$1: State of the device: · active. · standby. · initial.
Severity level	6
Example	RBM/6/RBM_RUNNING_STATUS_CHANGED: RBM running status changed to active.
Explanation	The state of the device changed after an RBM switchover.
Recommended action	No action is required.

RDDC messages

This section contains RDDC messages.

RDDC_ACTIVENODE_CHANGE

Message text	Redundancy group [STRING] active node changed to [STRING], because of [STRING].
Variable fields	$1: Redundancy group name. $2: Active node information. $3: Status change reason: ¡ manual switchover ¡ group's configuration changed ¡ node's weight changed
Severity level	5
Example	RDDC/5/RDDC_ACTIVENODE_CHANGE: Redundancy group 1 active node changed to node 1 (chassis 1), because of manual switchover.
Explanation	The active node in the redundancy group changed because of manual switchover, configuration change of the group, or weight change of the node.
Recommended action	No action is required.

REPUTATION messages

This section contains IP reputation, domain reputation, and URL reputation messages.

REPUTATION_MATCH_IPV4_LOG

Message text	MsgId(1174)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[MacAddr];DstMacAddr(1022)=[MacAddr];SrcIPAddr(1003)=[IPAddr];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPAddr];DstPort(1008)=[UINT16];Protocol(1001)=[UCHAR];CriticalLevel(1179)=[UINT16];IOC(1175)=[STRING];EvilType(1176)=[STRING];VirusFamilyName(1177)=[STRING];EvilId(1178)=[STRING];Action(1053)=[STRING];AtkDirection(1134)=[STRING];PolicyName(1079)=[STRING];
Variable fields	$1: Reputation type. Options include: · DOMAINREPUTATION—Domain reputation. · IPREPUTATION—IP reputation. · URLREPUTATION—URL reputation. $2: Username. $3: Source MAC address. $4: Destination MAC address. $5: Source IP address. $6: Source port. $7: Destination IP address. $8: Destination port. $9: Protocol type. $10: Severity level, in the range of 0 to 10. A bigger value represents a higher severity. $11: Intelligence IOC. $12: Attack category name. $13: Virus family name. $14: Attack category ID. $15: Action on a matching packet. Options include: · block-source—Blocks the packet and add the source IP address of the packet to the IP blacklist. · drop—Drops the packet. · permit—Permits the packet. · redirect—Redirect the packet to a specific webpage. · reset—Disconnects the TCP connection by sending a TCP reset packet. $16: Matching direction, which can be Source (source address) or Destination (destination address). Only IP reputation supports this field. $17: Policy name. Only URL reputation supports this field.
Severity level	6
Example	REPUT/6/REPUTATION_MATCH_IPV4_LOG:MsgId(1174)=IPREPUTATION;UserName(1113)=admin;SrcMacAddr(1021)=000d-88f7-9454;DstMacAddr(1022)=000d-88f7-9455;SrcIPAddr(1003)=10.10.10.10;SrcPort(1004)=8080;DstIPAddr(1007)=20.20.20.20;DstPort(1008)=7070;Protocol(1001)=tcp;CriticalLevel(1179)=5;IOC(1175)=10.10.10.10;EvilType(1176)=DDOS\|WEB;VirusFamilyName(1177)=VIRUS;EvilId(1178)=5;Action(1053)=drop;AtkDirection(1134)=Source;;PolicyName(1079)=a;
Explanation	This message is sent when an IPv4 packet matches a reputation signature.
Recommended action	No action is required.

REPUTATION_MATCH_IPV6_LOG

Message text	MsgId(1174)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[MacAddr];DstMacAddr(1022)=[MacAddr];SrcIPv6Addr(1036)=[IPAddr];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPAddr];DstPort(1008)=[UINT16];Protocol(1001)=[UCHAR];CriticalLevel(1179)=[UINT16];IOC(1175)=[STRING];EvilType(1176)=[STRING];VirusFamilyName(1177)=[STRING];EvilId(1178)=[STRING];Action(1053)=[STRING];AtkDirection(1134)=[STRING];PolicyName(1079)=[STRING];
Variable fields	$1: Reputation type. Options include: · DOMAINREPUTATION—Domain reputation. · IPREPUTATION—IP reputation. · URLREPUTATION—URL reputation. $2: Username. $3: Source MAC address. $4: Destination MAC address. $5: Source IPv6 address. $6: Source port. $7: Destination IPv6 address. $8: Destination port. $9: Protocol type. $10: Severity level, in the range of 0 to 10. A bigger value represents a higher severity. $11: Intelligence IOC. $12: Attack category name. $13: Virus family name. $14: Attack category ID. $15: Action on a matching packet. Options include: · block-source—Blocks the packet and add the source IPv6 address of the packet to the IPv6 blacklist. · drop—Drops the packet. · permit—Permits the packet. · redirect—Redirect the packet to a specific webpage. · reset—Disconnects the TCP connection by sending a TCP reset packet. $16: Matching direction, which can be Source (source address) or Destination (destination address). Only IP reputation supports this field. $17: Policy name. Only URL reputation supports this field.
Severity level	6
Example	REPUT/6/REPUTATION_MATCH_IPV6_LOG:MsgId(1174)=IPREPUTATION;UserName(1113)=admin;SrcMacAddr(1021)=000d-88f7-9454;DstMacAddr(1022)=000d-88f7-9455;SrcIPv6Addr(1036)=10::1;SrcPort(1004)=8080;DstIPv6Addr(1037)=100::40;DstPort(1008)=7070;Protocol(1001)=tcp;CriticalLevel(1179)=5;IOC(1175)=10::1;EvilType(1176)=DDOS\|WEB;VirusFamilyName(1177)=VIRUS;EvilId(1178)=5;Action(1053)=drop;AtkDirection(1134)= Source;PolicyName(1079)=a;
Explanation	This message is sent when an IPv6 packet matches a reputation signature.
Recommended action	No action is required.

RESMON

This section contains resource monitoring messages.

RESMON_MINOR

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below minor threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	4
Example	RESMON/4/RESMON_MINOR: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource decreased to or below minor threshold 20%.
Explanation	When the available resource amount decreases to or below the minor resource depletion threshold, the resource type enters minor alarm state and the device outputs this log message periodically.
Recommended action	Configure the device based on the resource type so the device allocates the type of resources reasonably.

RESMON_MINOR_RECOVERY

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above minor threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	5
Example	RESMON/5/RESMON_MINOR_RECOVER: -Resource=AA-Total=100%-Used=77%-Free=23%; Free resource increased above minor threshold 20%.
Explanation	When the available resource amount increases above the minor resource depletion threshold, the resource type enters recovered state. The device removes the minor resource depletion alarm and outputs this log message.
Recommended action	No action is required.

RESMON_SEVERE

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below severe threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	3
Example	RESMON/3/RESMON_SEVERE: -Resource=AA-Total=100%-Used=93%-Free=7%; Free resource decreased to or below severe threshold 10%.
Explanation	When the available resource amount decreases to or below the severe resource depletion threshold, the resource type enters severe alarm state and the device outputs this log message periodically.
Recommended action	Configure the device based on the resource type so the device allocates the type of resources reasonably.

RESMON_SEVERE_RECOVERY

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above severe threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	5
Example	RESMON/5/RESMON_SEVERE_RECOVER: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource increased above severe threshold 10%.
Explanation	When the available resource amount increases above the severe resource depletion threshold, the device removes the severe resource depletion alarm and outputs this log message.
Recommended action	No action is required.

RESMON_USEDUP

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Resources used up. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Resource usage description. Some types of resources do not have description information.
Severity level	2
Example	RESMON/2/RESMON_USEDUP: -Resource=vlaninterface-Total=2048-Used=2048-Free=0; Resources used up.
Explanation	When the available resource amount decreases to zero, the device outputs this log message periodically.
Recommended action	To ensure correct operation of the relevant services, immediately clear data or entries of the resource type that are not used.

RESMON_USEDUP_RECOVERY

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; The amount of free resources increased from zero to a non-zero value. [STRING].
Variable fields	$1: Resource type. $2: Total amount, which can be 100% or an integer for an absolute value. $3: Used amount, a percentage or an integer for an absolute value. $4: Available amount, a percentage or an integer for an absolute value. $5: Additional resource usage information. This field might be null.
Severity level	5
Example	RESMON/5/RESMON_USEDUP_RECOVER: -Resource=vlaninterface-Total=2048-Used=2047-Free=1; The amount of free resources increased from zero to a non-zero value.
Explanation	When the available resource amount increases from zero, the device outputs this log message.
Recommended action	No action is required.

RIP messages

This section contains RIP messages.

RIP_MEM_ALERT

Message text	RIP Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIP/5/RIP_MEM_ALERT: RIP Process received system memory alert start event.
Explanation	RIP received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIP_RT_LMT

Message text	RIP [UINT32] Route limit reached
Variable fields	$1: Process ID.
Severity level	6
Example	RIP/6/RIP_RT_LMT: RIP 1 Route limit reached.
Explanation	The number of routes of a RIP process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

RIPNG messages

This section contains RIPng messages.

RIPNG_MEM_ALERT

Message text	RIPng Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIPNG/5/RIPNG_MEM_ALERT: RIPNG Process received system memory alert start event.
Explanation	RIPng received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIPNG_RT_LMT

Message text	RIPng [UINT32] Route limit reached
Variable fields	$1: Process ID
Severity level	6
Example	RIPNG/6/RIPNG_RT_LMT: RIPng 1 Route limit reached.
Explanation	The number of routes of a RIPng process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

RIR

This section contains RIR messages.

RIR_APPQUAL_PROBE_FAILED

Message text	Some SDWAN tunnels failed to start probe under the application quality probe instance(instance name [STRING], flow ID [UINT32]), because the maximum number of tunnels for application quality probe already reached.
Variable fields	$1: Name of an application quality probe instance. $2: Flow ID of the flow template enabled with application quality probe.
Severity level	4
Example	RIR/4/RIR_APPQUAL_PROBE_FAILED: Some SDWAN tunnels failed to start probe under the application quality probe instance(instance name [STRING], flow ID [UINT32]), because the maximum number of tunnels for application quality probe already reached.
Explanation	Some SDWAN tunnels failed to start probe under an application quality probe instance, because the maximum number of tunnels for application quality probe already reached.
Recommended action	Stop application quality probe for tunnels if the probe is not necessary for the tunnels.

RIR_BANDWIDTH_OVERUSED

Message text	-Device=[IPADDR]-VPNInstance=[STRING]-Tunnel=[UINT32]-OutputInterface=[STRING]-TotalBandwidth=[UINT64] kbps-UsedBandwidth=[UINT64] kbps. The bandwidth usage of the tunnel interface has reached 90%.
Variable fields	$1: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $2: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $3: Tunnel interface number. $4: Physical output interface associated with the tunnel interface. $5: Total bandwidth of the tunnel interface. $6: Used bandwidth of the tunnel interface.
Severity level	4
Example	RIR/4/RIR_BANDWIDTH_OVERUSED: -Device=1.1.1.1-VPNInstance=a-Tunnel=1-OutputInterface=GE1/0/1-TotalBandwidth=1000 kbps-UsedBandwidth=1000 kbps. The bandwidth usage of the tunnel interface has reached 90%.
Explanation	The bandwidth usage of a tunnel interface has reached 90%, and the device will perform link reselection.
Recommended action	If this message is generated frequently, increase the bandwidth of the tunnel interface.

RIR_CFG_CHANGED

Message text	RIR configuration (device [IPADDR], VPN instance [STRING]) changed.
Variable fields	$1: IP address of the device. For the local device, the value for this field is 0.0.0.0. $2: Name of the VPN instance to which the RIR collaboration relationship belongs. If the RIR configuration belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A.
Severity level	6
Example	RIR/6/RIR_CFG_CHANGED: RIR configuration (device 1.1.1.1, VPN instance a) changed.
Explanation	Any of the following configuration changes occurred: · Link index or link type change. · Link preference or link primary or backup role change. · Per-session expected bandwidth change. · Other configuration changes, for example, SLA configuration changes, that cause a link from qualified to unqualified or from unqualified to qualified for the service requirements.
Recommended action	No action is required.

RIR_LINK_SELECT

Message text	-SrcIPAddr=[IPADDR]-SrcPort=[UINT16]-DstIPAddr=[IPADDR]-DstPort=[UINT16]-Protocol=[STRING]-FlowID=[UINT32]. Selected a link (device [IPADDR], VPN instance [STRING], tunnel [UINT32]) for the session.
Variable fields	$1: Source IP address of the session. $2: Source port number of the session. $3: Destination IP address of the session. $4: Destination port number of the session. $5: Session protocol. Values: ¡ TCP. ¡ UDP. ¡ ICMP. ¡ IPv4. ¡ Other. $6: ID of the flow template to which the session belongs. $7: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $8: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $9: Tunnel interface number.
Severity level	6
Example	RIR/6/RIR_LINK_SELECT: -SrcIPAddr=55.1.1.2-SrcPort=51457-DstIPAddr=11.1.1.1-DstPort=8-Protocol=ICMP-FlowID=1. Selected a link (device 1.1.1.1, VPN instance a, tunnel 1) for the session.
Explanation	RIR selected a link for the session.
Recommended action	No action is required.

RIR_LINKFAULT

Message text	The link (device [IPADDR], VPN instance [STRING], tunnel [UINT32]) became faulty.
Variable fields	$1: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $2: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $3: Tunnel interface number.
Severity level	4
Example	RIR/4/RIR_LINKFAULT: The link (device 1.1.1.1, VPN instance a, tunnel 1) became faulty.
Explanation	NQA link connectivity probe detected that the link was disconnected or in down state.
Recommended action	No action is required.

RIR_OUTIF_BANDWIDTH_OVERUSED

Message text	-Device=[IPADDR]-VPNInstance=[STRING]-OutputInterface=[STRING]-TotalBandwidth=[UINT64] kbps-UsedBandwidth=[UINT64] kbps. The bandwidth usage of the output interface has reached 90%.
Variable fields	$1: IP address of the device to which the output interface belongs. ¡ If the output interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the output interface belongs to a peer device, the value for this field is the IP address of the peer device. $2: Name of the VPN instance to which the RIR collaboration relationship belongs. If the output interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $3: Physical output interface associated with the tunnel interface. $4: Total bandwidth of the output interface. $5: Used bandwidth of the output interface.
Severity level	4
Example	RIR/4/RIR_OUTIF_BANDWIDTH_OVERUSED: -Device=1.1.1.1-VPNInstance=a-OutputInterface=GE1/0/1-TotalBandwidth=1000 kbps-UsedBandwidth=1000 kbps. The bandwidth usage of the output interface has reached 90%.
Explanation	The bandwidth usage of a physical output interface has reached 90%, and the device will perform link reselection.
Recommended action	If this message is generated frequently, use another output interface with higher bandwidth.

RIR_QUALITY_DELAY

Message text	-FlowID=[UINT32]-Device=[IPADDR]-VPNInstance=[STRING]-Tunnel=[UINT32]-DetectedDelay=[UINT32] ms-DelayThreshold=[UINT32] ms. The link became unqualified because the link delay detected by NQA was higher than the link delay threshold in the SLA.
Variable fields	$1: ID of the flow template. $2: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $3: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $4: Tunnel interface number. $5: Link delay detected by NQA. $6: Link delay threshold in the SLA associated with the flow template.
Severity level	4
Example	RIR/4/RIR_QUALITY_DELAY: -FlowID=2-Device=1.1.1.1-VPNInstance=a-Tunnel=1-DetectedDelay=100 ms-DelayThreshold=50 ms. The link became unqualified because the link delay detected by NQA was higher than the link delay threshold in the SLA.
Explanation	The link became unqualified because the link delay detected by NQA was higher than the link delay threshold in the SLA associated with the flow template.
Recommended action	No action is required.

RIR_QUALITY_JITTER

Message text	-FlowID=[UINT32]-Device=[IPADDR]-VPNInstance=[STRING]-Tunnel=[UINT32]-DetectedJitter=[UINT32] ms-JitterThreshold=[UINT32] ms. The link became unqualified because the link jitter was higher than the jitter threshold in the SLA.
Variable fields	$1: ID of the flow template. $2: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $3: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $4: Tunnel interface number. $5: Link jitter detected by NQA. $6: Jitter threshold in the SLA associated with the flow template.
Severity level	4
Example	RIR/4/RIR_QUALITY_JITTER: -FlowID=2-Device=1.1.1.1-VPNInstance=a-Tunnel=1-DetectedJitter=100 ms-JitterThreshold=50 ms. The link became unqualified because the link jitter was higher than the jitter threshold in the SLA.
Explanation	The link became unqualified because the link jitter detected by NQA was higher than the jitter threshold in the SLA associated with the flow template.
Recommended action	No action is required.

RIR_QUALITY_OTHER

Message text	-FlowID=[UINT32]-Device=[IPADDR]-VPNInstance=[STRING]-Tunnel=[UINT32]. The link became unqualified because of a reason other than failing to meet the thresholds in the SLA.
Variable fields	$1: ID of the flow template. $2: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $3: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $4: Tunnel interface number.
Severity level	4
Example	RIR/4/RIR_QUALITY_OTHER: -FlowID=2-Device=1.1.1.1-VPNInstance=a-Tunnel=1. The link became unqualified because of a reason other than failing to meet the thresholds in the SLA.
Explanation	The link became unqualified because of a reason other than failing to meet the thresholds in the SLA associated with the flow template. For example, this message is generated if the SLA thresholds are inconsistent on the hub and spoke sites.
Recommended action	No action is required.

RIR_QUALITY_PKTLOSS

Message text	-FlowID=[UINT32]-Device=[IPADDR]-VPNInstance=[STRING]-Tunnel=[UINT32]-DetectedPktLoss=[UINT32]/1000-PktLossThreshold=[UINT32]/1000. The link became unqualified because the packet loss ratio detected by NQA was higher than the packet loss threshold in the SLA.
Variable fields	$1: ID of the flow template. $2: IP address of the device to which the tunnel interface belongs. ¡ If the tunnel interface belongs to the local device, the value for this field is 0.0.0.0. ¡ If the tunnel interface belongs to a peer device, the value for this field is the IP address of the peer device. $3: Name of the VPN instance to which the RIR collaboration relationship belongs. If the tunnel interface belongs to the local device or the peer device uses a public address to establish RIR collaboration relationship with the local device, this field displays N/A. $4: Tunnel interface number. $5: Packet loss ratio detected by NQA. $6: Packet loss threshold in the SLA associated with the flow template.
Severity level	4
Example	RIR/4/RIR_QUALITY_PKTLOSS: -FlowID=2-Device=1.1.1.1-VPNInstance=a-Tunnel=1-DetectedPktLoss=100/1000-PktLossThreshold=50/1000. The link became unqualified because the packet loss ratio detected by NQA was higher than the packet loss threshold in the SLA.
Explanation	The link became unqualified because the packet loss ratio detected by NQA was higher than the packet loss threshold in the SLA associated with the flow template.
Recommended action	No action is required.

RM messages

This section contains RM messages.

RM_ACRT_REACH_LIMIT

Message text	Max active [STRING] routes [UINT32] reached in URT of [STRING]
Variable fields	$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1
Explanation	The number of active routes reached the upper limit in the unicast routing table of a VPN instance.
Recommended action	Remove unused active routes.

RM_ACRT_REACH_THRESVALUE

Message text	Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1
Explanation	The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance.
Recommended action	Modify the threshold value or the route limit configuration.

RM_THRESHLD_VALUE_REACH

Message text	Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1
Explanation	The number of active routes reached the threshold in the unicast routing table of a VPN instance.
Recommended action	Modify the route limit configuration.

RPR messages

This section contains RPR messages.

RPR_EXCEED_MAX_SEC_MAC

Message text	A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_EXCEED_MAX_SEC_MAC: A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR secondary MAC addresses on the ring has reached the upper limit.
Recommended action	Disable VRRP on RPR stations.

RPR_EXCEED_MAX_SEC_MAC_OVER

Message text	A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_MAX_SEC_MAC_OVER: A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of secondary MAC addresses on the ring has dropped below the upper limit.
Recommended action	No action is required.

RPR_EXCEED_MAX_STATION

Message text	A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_EXCEED_MAX_STATION: A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR stations on the ring has reached the upper limit.
Recommended action	Remove some RPR stations.

RPR_EXCEED_MAX_STATION_OVER

Message text	A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_MAX_STATION_OVER: A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR stations on the ring has dropped below the upper limit.
Recommended action	No action is required.

RPR_EXCEED_RESERVED_RATE

Message text	An excess reserved rate defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_EXCEED_RESERVED_RATE: An excess reserved rate defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The reserved bandwidth for the RPR station was greater than the total bandwidth of the RPR ring.
Recommended action	Reduce the reserved bandwidth.

RPR_EXCEED_RESERVED_RATE_OVER

Message text	An excess reserved rate defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_RESERVED_RATE_OVER: An excess reserved rate defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The reserved bandwidth for the RPR station was smaller than the total bandwidth of the RPR ring.
Recommended action	No action is required.

RPR_IP_DUPLICATE

Message text	A duplicate IP address defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_IP_DUPLICATE: A duplicate IP address defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	Another RPR station used the same IP address.
Recommended action	Locate the RPR station, and change its IP address.

RPR_IP_DUPLICATE_OVER

Message text	A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_IP_DUPLICATE_OVER: A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The duplicate IP address defect was cleared.
Recommended action	No action is required.

RPR_JUMBO_INCONSISTENT

Message text	A jumbo configuration defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	RPR/6/RPR_JUMBO_INCONSISTENT: A jumbo configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different Jumbo frame configuration.
Recommended action	Locate the RPR station and change its Jumbo frame configuration.

RPR_JUMBO_INCONSISTENT_OVER

Message text	A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	RPR/6/RPR_JUMBO_INCONSISTENT_OVER: A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The Jumbo frame configuration inconsistency defect was cleared.
Recommended action	No action is required.

RPR_MISCABLING

Message text	A miscabling defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_MISCABLING: A miscabling defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The west port of an RPR station was not connected to the east port of anther RPR station.
Recommended action	Examine the physical port connection of the two RPR stations.

RPR_MISCABLING_OVER

Message text	A miscabling defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_MISCABLING_OVER: A miscabling defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR physical port connection defect was cleared.
Recommended action	No action is required.

RPR_PROTECTION_INCONSISTENT

Message text	A protection configuration defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_PROTECTION_INCONSISTENT: A protection configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different protection mode.
Recommended action	Locate the RPR station and change its protection mode.

RPR_PROTECTION_INCONSISTENT_OVER

Message text	A protection configuration defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_PROTECTION_INCONSISTENT_OVER: A protection configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The protection mode inconsistency defect was cleared.
Recommended action	No action is required.

RPR_SEC_MAC_DUPLICATE

Message text	A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_SEC_MAC_DUPLICATE: A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	Another RPR station used the same secondary MAC address.
Recommended action	Locate the RPR station, and change its secondary MAC address.

RPR_SEC_MAC_DUPLICATE_OVER

Message text	A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_SEC_MAC_DUPLICATE_OVER: A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The duplicate secondary MAC address defect was cleared.
Recommended action	No action is required.

RPR_TOPOLOGY_INCONSISTENT

Message text	An inconsistent topology defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_TOPOLOGY_INCONSISTENT: An inconsistent topology defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the ports on the PRP stations was different.
Recommended action	Execute the shutdown command and then the undo shutdown command on the ports to collect topology information again.

RPR_TOPOLOGY_INCONSISTENT_OVER

Message text	An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INCONSISTENT_OVER: An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information inconsistency defect was cleared.
Recommended action	No action is required.

RPR_TOPOLOGY_INSTABILITY

Message text	A topology instability defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_TOPOLOGY_INSTABILITY: A topology instability defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR ring topology was unstable.
Recommended action	No action is required.

RPR_TOPOLOGY_INSTABILITY_OVER

Message text	A topology instability defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INSTABILITY_OVER: A topology instability defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR ring topology was stable.
Recommended action	No action is required.

RPR_TOPOLOGY_INVALID

Message text	A topology invalid defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_TOPOLOGY_INVALID: A topology invalid defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the RPR stations was invalid.
Recommended action	Execute the shutdown command and then the undo shutdown command on the RPR stations to collect topology information again.

RPR_TOPOLOGY_INVALID_OVER

Message text	A topology invalid defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INVALID_OVER: A topology invalid defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the RPR stations was valid.
Recommended action	No action is required.

RRPP messages

This section contains RRPP messages.

RRPP_RING_FAIL

Message text	Ring [UINT32] in Domain [UINT32] failed.
Variable fields	$1: Ring ID. $2: Domain ID.
Severity level	4
Example	RRPP/4/RRPP_RING_FAIL: Ring 1 in Domain 1 failed.
Explanation	A ring failure occurred in the RRPP domain.
Recommended action	Check each RRPP node to clear the network fault.

RRPP_RING_RESTORE

Message text	Ring [UINT32] in Domain [UINT32] recovered.
Variable fields	$1: Ring ID. $2: Domain ID.
Severity level	4
Example	RRPP/4/RRPP_RING_RESTORE: Ring 1 in Domain 1 recovered.
Explanation	The ring in the RRPP domain was recovered.
Recommended action	No action is required.

RTM messages

This section contains RTM messages.

RTM_TCL_NOT_EXIST

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found.
Explanation	The system did not find the Tcl script file for the policy while executing the policy.
Recommended action	1. Verify that the Tcl script file exists. 2. Reconfigure the policy.

RTM_TCL_MODIFY

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified.
Explanation	The Tcl script file for the policy was modified.
Recommended action	Reconfigure the policy, or modify the Tcl script to be the same as it was when it was bound with the policy.

RTM_TCL_LOAD_FAILED

Message text	Failed to load the Tcl script file of policy [STRING].
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy [STRING].
Explanation	The system failed to load the Tcl script file for the policy to memory.
Recommended action	No action is required.

Sandbox messages

This section contains sandbox messages through fast log output.

SANDBOX_DETECTION_IPV4_LOG

Message text	SandboxType(1143)=[STRING];FileType(1096)=[STRING];FileName(1097)=[STRING];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];TrtType(1144)=[STRING];Severity(1087)=[STRING];MD5(1129)=[STRING];BeginTime_c(1011)=[STRING];ThreatDir(1170)=[UINT16];AttackName(1088)=[STRING];ThreatAct(1171)=[STRING];ThreatFmly(1172)=[UINT16];StatusCode(1167)=[STRING];ThreatHttpContentLen(1173)=[STRING];RealSrcIP(1100)=[STRING];
Variable fields	$1: Sandbox type: ¡ AV. ¡ Windows. ¡ Win64. ¡ WEB. ¡ Office. $2: File type. $3: File name. $4: Protocol type. $5: Application protocol name. $6: Source IPv4 address. $7: Source port number. $8: Destination IPv4 address. $9: Destination port number. $10: Source security zone name. $11: Destination security zone name. $12: Name of the identity user. $13: Threat type: ¡ UNKNOWN. ¡ KNOWN. ¡ NORMAL. No threats exist in the file. $14: Severity level: ¡ NOTHREAT. ¡ LOW. ¡ MEDIUM. ¡ HIGH. $15: MD5 value. $16: Generation time of the sandbox inspection log. $17: File transfer direction: ¡ download—From the server to the client. ¡ upload—From the client to the server. $18: Threat name. $19: Threat action. See Table 17 for the threat act field value. (The value for the threat act field varies by the software version of the sandbox. Table 17 uses the ESS 6701 as an example.) $20: Threat family. See Table 18 for the threat family field value. $21: HTTP/HTTPS response status code. $22: Value for the Content-Length field of the HTTP/HTTPS packet. $23: Real source IP address.
Severity level	6
Example	SANDBOX/6/SANDBOX_DETECTION_IPV4_LOG:SandboxType(1143)=WEB;FileType(1096)=exe;FileName(1097)=abc.exe;Protocol(1001)=TCP;Application(1002)=http;SrcIPAddr(1003)=192.168.7.15;SrcPort(1004)=4790;DstIPAddr(1007)=192.168.15.252;DstPort(1008)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;TrtType(1144)=UNKNOWN;Severity(1087)=HIGH;MD5(1129)=c4ab18ce0dbd4c911ae501753d0bda89;BeginTime_c(1011)=20180320091510;ThreatDir(1170)=download;AttackName(1088)=;ThreatAct(1171)=;ThreatFmly(1172)=0;StatusCode(1167)=200;ThreatHttpContentLen(1173)=22087;RealSrcIP(1100)=2.2.2.2,3.2.2.2,3.2.2.2,2.2.2.2,2.2.2.2,2.2.2.2,2.2.2.2,2.2.2.2,3.3.3.2;
Explanation	This message is sent when the sandbox inspection log is generated.
Recommended action	No action is required.

SANDBOX_DETECTION_IPV6_LOG

Message text	SandboxType(1143)=[STRING];FileType(1096)=[STRING];FileName(1097)=[STRING];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];TrtType(1144)=[STRING];Severity(1087)=[STRING];MD5(1129)=[STRING];BeginTime_c(1011)=[STRING];ThreatDir(1170)=[UINT16];AttackName(1088)=[STRING];ThreatAct(1171)=[STRING];ThreatFmly(1172)=[UINT16];StatusCode(1167)=[STRING];ThreatHttpContentLen(1173)=[STRING];RealSrcIP(1100)=[STRING];
Variable fields	$1: Sandbox type: ¡ AV. ¡ Windows. ¡ Win64. ¡ WEB. ¡ Office. $2: File type. $3: File name. $4: Protocol type. $5: Application protocol name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone name. $11: Destination security zone name. $12: Name of the identity user. $13: Threat type: ¡ UNKNOWN. ¡ KNOWN. ¡ NORMAL. No threats exist in the file. $14: Severity level: ¡ NOTHREAT. ¡ LOW. ¡ MEDIUM. ¡ HIGH. $15: MD5 value. $16: Generation time of the sandbox inspection log. $17: File transfer direction: ¡ download—From the server to the client. ¡ upload—From the client to the server. $18: Threat name. $19: Threat action. See Table 17 for the threat act field value. (The value for the threat act field varies by the software version of the sandbox. Table 17 uses the ESS 6701 as an example.) $20: Threat family. See Table 18 for the threat family field value. $21: HTTP/HTTPS response status code. $22: Value for the Content-Length field of the HTTP/HTTPS packet. $23: Real source IP address.
Severity level	6
Example	SANDBOX/6/SANDBOX_DETECTION_IPV6_LOG:SandboxType(1143)=WEB;FileType(1096)=exe;FileName(1097)=abc.exe;Protocol(1001)=TCP;Application(1002)=http;SrcIPv6Addr(1036)=100::40;SrcPort(1004)=4790;DstIPv6Addr(1037)=200::40;DstPort(1008)=80;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;TrtType(1144)=UNKNOWN;Severity(1087)=HIGH;MD5(1129)=c4ab18ce0dbd4c911ae501753d0bda89;BeginTime_c(1011)=20180320091510;ThreatDir(1170)=download;AttackName(1088)=;ThreatAct(1171)=;ThreatFmly(1172)=0;StatusCode(1167)=200;ThreatHttpContentLen(1173)=22087;RealSrcIP(1100)=3::3;
Explanation	This message is sent when the sandbox inspection log is generated.
Recommended action	No action is required.

Table 17 Value for the threat act field

ID	Threat action
1	Enable autorun after the device starts.
2	Inject to other processes remotely.
3	Reduce the firewall security level or add whitelist entries.
4	Bypass User Account Control (UAC) to obtain the administrator privilege.
5	Disable the system protection mechanism.
6	Detect whether the antivirus software is installed or running in the system.
7	Detect whether the file runs in the sandbox or is debugged by the debugger.
8	Delete local files.
9	DLL hijacking or image hijacking.
10	Replace the file to be an EXE file or a DLL file.
11	The file uses a name similar to a key process for counterfeiting.
12	Infect the existing PE files.
13	Load the driver.
14	Modify the security policies of the IE browser.
15	Add or modify a Windows account.
16	Add or modify a Windows service.
17	Suspicious network connection.
18	Create a suspicious process and release a suspicious file.
19	Release an executable program.
20	Automatic shutdown, automatic restart, or automatic logout.
21	The PE file execution releases a script file.
22	Modify the hosts file.
23	Hook the key functions of the program.
24	Promote the privilege of the program.
25	The script file uses the PowerShell.
26	Malicious network behaviors of the script file.
27	Access sensitive files, such as the files storing the browser username and password.
28	Using the Android software consumes the call charge.
29	Malicious commercials on the Android software.
30	The Android software steals user privacy.
31	File faking.
32	Modify the file hidden attribute.
33	Malicious network behaviors of an executable file.
34	Malicious shortcut files.
35	Suspicious macro viruses.
200	Viruses.
201	Spyware.
202	Worms.
203	Backdoors.
204	Ransomware.
205	Downloader.
206	Malicious commercials.
207	Malicious scripts.
208	Malicious files with vulnerabilities.
209	Virus generator.
210	Shell software.
211	Heuristic behaviors.
212	Riskware.
213	Phishing.
214	Macro viruses.
215	Other threat types.

Table 18 Value for the threat family field

ID	Threat family
0	Others
1	Viruses
2	Trojans
3	Worms
4	Backdoors
5	Ransomware
6	Downloader
7	Malicious commercials
8	Malicious scripts
9	Macro viruses
10	Malicious files with vulnerabilities
11	Phishing
12	Riskware
13	Shell software
14	Heuristic behaviors
15	Digital currency
16	Botnets
17	APT intelligence
18	Malicious domain names generated by DGA

SCD

This section contains server connection detection (SCD) messages.

SCD_IPV4

Message text	Protocol(1001)=[STRING];ServerIPAddr(1003)=[STRING];DstIPAddr(1007)=[STRING];DstPort(1008)=[STRING]; Illegal server connection.
Variable fields	$1: Protocol type. $2: Server IP address. $3: Destination IP address of the server-initiated connection. $4: Destination port number of the server-initiated connection.
Severity level	6
Example	SCD/6/SCD_IPV4:-Context=1;Protocol(1001)=TCP;ServerIPAddr(1003)=192.168.105.1;DstIPAddr(1007)=192.168.105.111;DstPort(1008)=80; Illegal server connection.
Explanation	This message is sent when an illegal server-initiated connection is detected.
Recommended action	Check the illegal connection and decide whether to allow the connection based on your network services. For example, you can configure a security policy to block such connections.

SCMD messages

This section contains SCM messages.

PROCESS_ABNORMAL

Message text	The process [STRING] exited abnormally. ServiceName=[STRING], ExitCode=[STRING], KillSignal=[STRING], StartTime=[STRING], StopTime=[STRING].
Variable fields	$1: Process name. $2: Service name defined in the script. $3: Process exit code. If the process was closed by a signal, this field displays NA. $4: Signal that closed the process. If the process was not closed by a signal, this field displays NA. $5: Time when the process was created. $6: Time when the process was closed.
Severity level	4
Example	SCMD/4/PROCESS_ABNORMAL: The process diagd exited abnormally. ServiceName=DIAG, ExitCode=1, KillSignal=NA, StartTime=2019-03-06 14:18:06, StopTime=2019-03-06 14:35:25.
Explanation	A service exited abnormally.
Recommended action	1. Use the display process command to identify whether the process exists. If the process exists, the process has recovered. Typically, a process restarts automatically after it exits abnormally. 2. If the process has not recovered or has recovered but you want to find the reasons, perform the following tasks: a. Execute the view /var/log/trace.log > trace.log command in probe view, and transfer the generated file trace.log from the device to a PC through FTP or TFTP. To use FTP, set the transfer mode to binary. b. Contact H3C Support. Do not reboot the device so H3C Support can help you locate the problem.

PROCESS_ACTIVEFAILED

Message text	The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Variable fields	$1: Process name.
Severity level	4
Example	SCMD/4/PROCESS_ACTIVEFAILED: The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Explanation	The standby process failed to switch to the active process because the active process exited abnormally when the standby process has not completed synchronization. The standby process was restarted.
Recommended action	No action is required.

PROCESS_CORERECORD

Message text	Exceptions occurred with process [STRING]. A core dump file was generated.
Variable fields	$1: Process name.
Severity level	4
Example	SCMD/4/PROCESS_CORERECORD: Exceptions occurred with process diagd. A core dump file was generated.
Explanation	Exceptions occurred with the process and a core dump file was generated. The core dump file contains information relevant to the process exceptions. You can use the file for troubleshooting.
Recommended action	1. Execute the display exception context command to collect process exception information, and save the information to a file. 2. Execute the display exception filepath command to display the core file. 3. Transfer the core file and the file that stores the process exception information to a PC through FTP or TFTP. To use FTP, set the transfer mode to binary. 4. Contact H3C Support. Do not reboot the device so H3C Support can help you locate the problem.

SCM_ABNORMAL_REBOOT

Message text	Failed to restore process [STRING]. Reboot [STRING].
Variable fields	$1: Process name. $2: Chassis number and slot number, slot number, or string the system.
Severity level	3
Example	SCMD/3/SCM_ABNORMAL_REBOOT: Failed to restore process ipbased. Reboot slot 1.
Explanation	While the device or slot was rebooting, the specified process quitted abnormally and failed to recover after multiple automatic restart attempts. The device or slot will reboot automatically.
Recommended action	1. After the device or slot starts up, use the display process command to verify that the process has recovered. 2. If the problem persists, contact H3C Support.

SCM_ABNORMAL_REBOOTMDC

Message text	Failed to restore process [STRING] on [STRING] [UINT16]. Rebooting [STRING] [UINT16].
Variable fields	$1: Process name. $2: Device type, MDC or context. $3: ID of the MDC or context. $4: Device type, MDC or context. $5: ID of the MDC or context.
Severity level	3
Example	SCMD/3/SCM_ABNORMAL_REBOOTMDC: Failed to restore process ipbased on MDC 2. Rebooting MDC 2.
Explanation	The process exited abnormally during the startup of the MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot restore after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1.
Recommended action	1. Use the display process command to verify that the process has restored after the card restarts. 2. If the problem persists, contact H3C Support.

SCM_ABORT_RESTORE

Message text	Failed to restore process [STRING]. Restoration aborted.
Variable fields	$1: Process name.
Severity level	3
Example	SCMD/3/SCM_ABORT_RESTORE: Failed to restore process ipbased. Restoration aborted.
Explanation	The process exited abnormally during the system operation. If the process cannot restore after multiple automatic restart attempts, the device will not restore the process.
Recommended action	1. Use the display process log command in any view to display the details about process exit. 2. Restart the card or the MDC where the process is located. 3. Provide the output from the display process log command to H3C Support.

SCM_INSMOD_ADDON_TOOLONG

Message text	Failed to finish loading [STRING] in [UINT32] minutes.
Variable fields	$1: Kernel file name. $2: File loading duration.
Severity level	4
Example	SCMD/4/SCM_INSMOD_ADDON_TOOLONG: Failed to finish loading addon.ko in 30 minutes.
Explanation	Kernel file loading timed out during device startup.
Recommended action	1. Restart the card. 2. Contact H3C Support.

SCM_KERNEL_INIT_TOOLONG

Message text	Kernel init in sequence [STRING] function [STRING] is still starting for [UINT32] minutes.
Variable fields	$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration.
Severity level	4
Example	SCMD/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 is still starting for 15 minutes.
Explanation	A function at a phase during kernel initialization ran too long.
Recommended action	1. Restart the card. 2. Contact H3C Support.

SCM_KILL_PROCESS

Message text	Pattern 1: The process [STRING] was killed because it failed to stop within [STRING]. Pattern 2: The process [STRING] on [STRING] [UINT16] was killed because it failed to stop within [STRING].
Variable fields	Pattern 1: $1: Process name. $2: Time that elapsed after the process received the stop signal and before the device output this log message. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time that elapsed after the process received the stop signal and before the device output this log message.
Severity level	6
Example	SCMD/6/SCM_KILL_PROCESS: The process stamgrd was killed because it failed to stop within 30 minutes.
Explanation	If a process does not stop after running a specific period of time, the system will kill the process.
Recommended action	1. After the system, MDC, or context operates stably, use the display process command to identify whether the process has recovered. 2. If the process does not recover, contact H3C Support.

SCM_PROCESS_STARTING_TOOLONG

Message text	Pattern 1: The process [STRING] has not finished starting in [UINT32] hours. Pattern 2: The process [STRING] on [STRING] [UINT16] has not finished starting in [UINT32] hours.
Variable fields	Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Device type, MDC or context. $3: ID of the MDC or context. $4: Time duration.
Severity level	4
Example	SCMD/4/ SCM_PROCESS_STARTING_TOOLONG: The process ipbased has not finished starting in 1 hours.
Explanation	The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal.
Recommended action	1. Wait 6 hours and then verify that the process has been started. 2. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 3. Contact H3C Support.

SCM_PROCESS_STILL_STARTING

Message text	Pattern 1: The process [STRING] is still starting for [UINT32] minutes. Pattern 2: The process [STRING] on [STRING] [UINT16] is still starting for [UINT32] minutes.
Variable fields	Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Device type, MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $3: ID of the MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $4: Time duration.
Severity level	6
Example	SCMD/6/SCM_PROCESS_STILL_STARTING: The process ipbased on MDC 2 is still starting for 20 minutes.
Explanation	A process is always in startup state.
Recommended action	No action is required.

SCM_SKIP_PROCESS

Message text	Pattern 1: The process [STRING] was skipped because it failed to start within 6 hours. Pattern 2: The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours.
Variable fields	Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context.
Severity level	3
Example	SCMD/3/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours.
Explanation	A process has not completed its startup within six hours during the card/MDC/context startup, skip this process and go on with the startup.
Recommended action	1. Restart the card/MDC/context. 2. Use the display process command to verify that the process has restored. 3. Contact H3C Support.

SCRLSP messages

This section contains static CRLSP messages.

SCRLSP_LABEL_DUPLICATE

Message text	Incoming label [INT32] for static CRLSP [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Static CRLSP name.
Severity level	4
Example	SCRLSP/4/SCRLSP_LABEL_DUPLICATE: Incoming label 1024 for static CRLSP aaa is duplicate.
Explanation	The incoming label of a static CRLSP was occupied by another configuration, for example, by a static PW or by a static LSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static CRLSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static CRLSP whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static CRLSP, and reconfigure it with another incoming label.

SECDIAG

This section contains security diagnosis messages.

MONITOR_CONCURRENCY_EXCEED

Message text	Number of concurrent sessions reached the threshold [STRING] on [STRING]
Variable fields	$1: Threshold for the number of concurrent sessions. $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	5
Example	SECDIAG/5/MONITOR_CONCURRENCY_EXCEED: Number of concurrent sessions reached the threshold 3000 on slot 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The number of concurrent sessions exceeded the configured threshold.
Recommended action	Decrease the number of concurrent sessions or add new devices to share the load.

MONITOR_CONCURRENCY_BELOW

Message text	Number of concurrent sessions dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	6
Example	SECDIAG/6/MONITOR_CONCURRENCY_BELOW: Number of concurrent sessions dropped below the threshold on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The number of concurrent sessions decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_CONNECTION_EXCEED

Message text	Session establishment rate reached the threshold [STRING] on [STRING].
Variable fields	$1: Session establishment rate threshold. $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	5
Example	SECDIAG/5MONITOR_CONNECTION_EXCEED: Session establishment rate reached the threshold 600 on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The session establishment rate exceeded the configured threshold.
Recommended action	Decrease the session establishment rate or add new devices to share the load.

MONITOR_CONNECTION_BELOW

Message text	Session establishment rate dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	6
Example	SECDIAG/6/MONITOR_CONNECTION_BELOW: Session establishment rate dropped below the threshold on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The session establishment rate decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_SECP_IPV4_EXCEED

Message text	Number of IPv4 security policy rules reached the threshold [STRING].
Variable fields	$1: IPv4 security policy rule threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_SECP_IPV4_EXCEED: Number of IPv4 security policy rules reached the threshold 500.
Explanation	The number of IPv4 security policy rules exceeded the configured threshold.
Recommended action	Decrease the number of IPv4 security policy rules or add new devices to provide higher rule capacity.

MONITOR_SECP_IPV4_BELOW

Message text	Number of IPv4 security policy rules dropped below the threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_SECP_IPV4_BELOW: Number of IPv4 security policy rules dropped below the threshold.
Explanation	The number of IPv4 security policy rules decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_SECP_IPV6_EXCEED

Message text	Number of IPv6 security policy rules reached the threshold [STRING].
Variable fields	$1: IPv6 security policy rule threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_SECP_IPV6_EXCEED: Number of IPv6 security policy rules reached the threshold 200.
Explanation	The number of IPv6 security policy rules exceeded the configured threshold.
Recommended action	Decrease the number of IPv6 security policy rules or add new devices to provide higher rule capacity.

MONITOR_SECP_IPV6_BELOW

Message text	Number of IPv6 security policy rules dropped below the threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_SECP_IPV6_BELOW: Number of IPv6 security policy rules dropped below the threshold.
Explanation	The number of IPv6 security policy rules decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_CONTEXT_EXCEED

Message text	Number of contexts reached the threshold [STRING].
Variable fields	$1: Context usage threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_CONTEXT_EXCEED: Number of contexts reached the threshold 60.
Explanation	The number of contexts exceeded the configured threshold.
Recommended action	Decrease the number of contexts or add new devices to share the load.

MONITOR_CONTEXT_BELOW

Message text	Number of created contexts dropped below the threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_CONTEXT_BELOW: Number of created contexts dropped below the threshold.
Explanation	The number of contexts decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_NAT_EXCEED

Message text	Number of NAT server mappings and static NAT mappings reached the threshold [STRING].
Variable fields	$1: NAT mapping threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_NAT_EXCEED: Number of NAT server mappings and static NAT mappings reached the threshold 200.
Explanation	The number of NAT mappings exceeded the configured threshold.
Recommended action	Decrease the number of NAT mappings or add new devices to provide higher NAT mapping capacity.

MONITOR_NAT_BELOW

Message text	Number of NAT server mappings and static NAT mappings dropped below the threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_NAT_BELOW: Number of NAT server mappings and static NAT mappings dropped below the threshold.
Explanation	The number of NAT mappings decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_BAGG_EXCEED

Message text	Number of Layer 2 aggregate interfaces reached the threshold [STRING].
Variable fields	$1: Layer 2 aggregate interface usage threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_BAGG_EXCEED: Number of Layer 2 aggregate interfaces reached the threshold 20.
Explanation	The number of Layer 2 aggregate interfaces exceeded the configured threshold.
Recommended action	Decrease the number of Layer 2 aggregate interfaces or add new devices to share the load.

MONITOR_BAGG_BELOW

Message text	Number of Layer 2 aggregate interfaces dropped below the threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_BAGG_BELOW: Number of Layer 2 aggregate interfaces dropped below the threshold.
Explanation	The number of Layer 2 aggregate interfaces decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_RAGG_EXCEED

Message text	Number of Layer 3 aggregate interfaces reached the threshold [STRING].
Variable fields	$1: Layer 3 aggregate interface usage threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_RAGG_EXCEED: Number of Layer 3 aggregate interfaces reached the threshold 10.
Explanation	The number of Layer 3 aggregate interfaces exceeded the configured threshold.
Recommended action	Decrease the number of Layer 3 aggregate interfaces or add new devices to share the load.

MONITOR_RAGG_BELOW

Message text	Number of Layer 3 aggregate interfaces dropped below the threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_RAGG_BELOW: Number of Layer 3 aggregate interfaces dropped below the threshold.
Explanation	The number of Layer 3 aggregate interfaces decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_BLADE_THROUGHPUT_EXCEED

Message text	Total throughput of blade interfaces reached the threshold [STRING] on [STRING].
Variable fields	$1: Inner interface throughput threshold. $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	5
Example	SECDIAG/5/MONITOR_BLADE_THROUGHPUT_EXCEED: Total throughput of blade interfaces reached the threshold 1500 on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The inner interface throughput exceeded the configured threshold.
Recommended action	Decrease the inner interface throughput or add new devices to share the load.

MONITOR_BLADE_THROUGHPUT_BELOW

Message text	Total throughput of blade interfaces dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	6
Example	SECDIAG/6/MONITOR_BLADE_THROUGHPUT_BELOW: Total throughput of blade interfaces dropped below the threshold on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The inner interface throughput decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_QACL_EXCEED

Message text	QACL usage reached the threshold [STRING] on [STRING]: Total slices=[STRING], Remaining single slices=[STRING], Remaining double slices=[STRING], Remaining MQC entries=[STRING], Remaining OpenFlow entries=[STRING].
Variable fields	$1: QACL resource usage threshold. $2: Slot ID in the slot xx cpu xx core xx format. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx core xx format. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx core xx format. (Distributed devices in IRF mode.)
Severity level	5
Example	SECDIAG/5/MONITOR_QACL_EXCEED: QACL usage reached the threshold 80 on slot 5 CPU 1 core 2: Total slices=10. Remaining single slices=1. Remaining double slices=0. Remaining MQC entries=512. Remaining OpenFlow entries=256. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The QACL resource usage exceeded the configured threshold.
Recommended action	Decrease the QACL resource usage or add new devices to share the load.

MONITOR_QACL_BELOW

Message text	QACL usage dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx core xx format. (Distributed devices in standalone mode.) (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx core xx format. (Distributed devices in IRF mode.)
Severity level	6
Example	SECDIAG/6/MONITOR_QACL_BELOW: QACL usage dropped below the threshold on slot 5 CPU 1 core 2. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The QACL resource usage decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_BANDWIDTH_EXCEED

Message text	Inbound traffic exceeded the total bandwidth usage threshold [STRING] Mbps.
Variable fields	$1: Inbound bandwidth usage threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_BANDWIDTH_EXCEED: Inbound traffic exceeded the total bandwidth usage threshold 100 Mbps
Explanation	The total inbound bandwidth was equal to or greater than the threshold within a period.
Recommended action	Decrease the total inbound traffic or add new devices to share the load.

MONITOR_BANDWIDTH_BELOW

Message text	Inbound traffic dropped below total bandwidth usage threshold.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_BANDWIDTH_BELOW: Inbound traffic dropped below total bandwidth usage threshold.
Explanation	After the device sent bandwidth usage alarms, the total inbound bandwidth decreased below the inbound bandwidth usage threshold.
Recommended action	No action is required.

MONITOR_BLADE_CONTEXT_EXCEED

Message text	Number of contexts in security engine group [STRING] reached Level [STRING] threshold [STRING]. Only basic firewall services that are not CPU or memory intensive can be configured, for example, NAT and security policy.
Variable fields	$1: Engine group ID. $2: Threshold level. $3: Context number threshold.
Severity level	5
Example	SECDIAG/5/MONITOR_BLADE_CONTEXT_EXCEED: Number of contexts in security engine group 1 reached Level 1 threshold 60. Only basic firewall services that are not CPU or memory intensive can be configured, for example, NAT and security policy.
Explanation	When the number of contexts in a security engine group reaches the level 1 threshold, a minor alarm message is generated. The threshold value cannot be modified.
Recommended action	Remove the currently unused contexts or expand the device capacity.

Message text	Number of contexts in security engine group [STRING] reached Level [STRING] threshold [STRING]. No more contexts can be created.
Variable fields	$1: Engine group ID. $2: Threshold level. $3: Context number threshold.
Severity level	4
Example	SECDIAG/4/MONITOR_BLADE_CONTEXT_EXCEED: Number of contexts in security engine group 1 reached Level 2 threshold 120. No more contexts can be created.
Explanation	When the number of contexts in a security engine group reaches the level 2 threshold, a severe alarm message is generated. The threshold value cannot be modified.
Recommended action	Remove the currently unused contexts or expand the device capacity.

MONITOR_BLADE_CONTEXT_BELOW

Message text	Number of contexts in security engine group [STRING] dropped below Level [STRING] threshold [STRING].
Variable fields	$1: Engine group ID. $2: Threshold level. $3: Context number threshold.
Severity level	6
Example	Minor alarm clear message: SECDIAG/6/MONITOR_BLADE_CONTEXT_BELOW: Number of contexts in security engine group 1 dropped below Level 1 threshold 60. Severe alarm clear message: SECDIAG/6/MONITOR_BLADE_CONTEXT_BELOW: Number of contexts in security engine group 1 dropped below Level 2 threshold 120.
Explanation	· When the number of contexts in a security engine group drops below the level 1 threshold, the minor alarm is cleared. · When the number of contexts in a security engine group drops below the level 2 threshold, the severe alarm is cleared.
Recommended action	No action is required.

MONITOR_BLADE_CONTEXT_CLOSE

Message text	Disabled monitoring of the number of contexts in a security engine group. Adding too many contexts to a security engine group might cause system resource exhaustion and device exceptions.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_BLADE_CONTEXT_CLOSE: Disabled monitoring of the number of contexts in a security engine group. Adding too many contexts to a security engine group might cause system resource exhaustion and device exceptions.
Explanation	This message is generated when the system is disabled from monitoring the number of contexts in a security engine group.
Recommended action	No action is required.

MONITOR_CONTEXT_CLOSE

Message text	Disabled monitoring of the number of contexts. Add contexts with caution. Adding too many contexts might cause system resource exhaustion and device exceptions.
Variable fields	N/A
Severity level	6
Example	SECDIAG/6/MONITOR_CONTEXT_CLOSE: Disabled monitoring of the number of contexts. Add contexts with caution. Adding too many contexts might cause system resource exhaustion and device exceptions.
Explanation	This message is generated when the system is disabled from monitoring the number of contexts.
Recommended action	No action is required.

SECP messages

This section contains security policy messages.

SECP_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] security-policy. The resources are insufficient.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_NO_RES: Failed to accelerate IPv6 security-policy. The resources are insufficient.
Explanation	Security policy rule matching acceleration failed because of insufficient hardware resources.
Recommended action	Delete unnecessary rules or disable acceleration for the security policy of the other version to release hardware resources.

SECP_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] security-policy. The operation is not supported.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 security-policy. The operation is not supported.
Explanation	Security policy rule matching acceleration failed because the system does not support acceleration.
Recommended action	No action is required.

SECP_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] security-policy.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 security-policy.
Explanation	Security policy rule matching acceleration failed because of a system failure.
Recommended action	No action is required.

SESSION messages

This section contains session messages.

DENY_SESSION_IPV4_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Application service type. $4: Source IP address. $5: Source port number. $6: Source IP address after translation. $7: Source port number after translation. $8: Destination IP address. $9: Destination port number. $10: Destination IP address after translation. $11: Destination port number after translation. $12: Total number of inbound packets. $13: Total number of inbound bytes. $14: Total number of outbound packets. $15: Total number of outbound bytes. $16: Source VPN instance name. $17: Destination VPN instance name. $18: Source DS-Lite tunnel. $19: Destination DS-Lite tunnel. $20: Session creation time. $21: Session removal time. $22: Event type. $23: Event description: ¡ Session created. ¡ Normal over. ¡ Aged for timeout. ¡ Other.
Severity level	6
Example	SESSION/6/DENY_SESSION_IPV4_FLOW:Protocol(1001)=UDP;Application(1002)=sip;Category(1174)=aaa;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent when an IPv4 deny session is created or removed.
Recommended action	No action is required.

DENY_SESSION_IPV6_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Application service type. $4: Source IPv6 address. $5: Source port number. $6: Destination IPv6 address. $7: Destination port number. $8: Total number of inbound packets. $9: Total number of inbound bytes. $10: Total number of outbound packets. $11: Total number of outbound bytes. $12: Source VPN instance name. $13: Destination VPN instance name. $14: Session creation time. $15: Session removal time. $16: Event type. $17: Event description: ¡ Session created. ¡ Normal over. ¡ Aged for timeout. ¡ Other.
Severity level	6
Example	SESSION/6/DENY_SESSION_IPV6_FLOW:Protocol(1001)=UDP;Application(1002)=sip;Category(1174)=aaa;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent when an IPv6 deny session is created or removed.
Recommended action	No action is required.

SESSION_IPV4_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Application service type. $4: Source IP address. $5: Source port number. $6: Source IP address after translation. $7: Source port number after translation. $8: Destination IP address. $9: Destination port number. $10: Destination IP address after translation. $11: Destination port number after translation. $12: Total number of inbound packets. $13: Total number of inbound bytes. $14: Total number of outbound packets. $15: Total number of outbound bytes. $16: Source VPN instance name. $17: Destination VPN instance name. $18: Source DS-Lite tunnel. $19: Destination DS-Lite tunnel. $20: Session creation time. $21: Session removal time. $22: Event type. $23: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	SESSION/6/SESSION_IPV4_FLOW:Protocol(1001)=UDP;Application(1002)=sip;Category(1174)=aaa;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv4 session is created or removed. · Periodically during an IPv4 session. · The traffic-based or time-based threshold of an IPv4 session is reached.
Recommended action	No action is required.

SESSION_IPV6_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];Category(1174)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Application service type. $4: Source IPv6 address. $5: Source port number. $6: Destination IP address. $7: Destination port number. $8: Total number of inbound packets. $9: Total number of inbound bytes. $10: Total number of outbound packets. $11: Total number of outbound bytes. $12: Source VPN instance name. $13: Destination VPN instance name. $14: Session creation time. $15: Session removal time. $16: Event type. $17: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	SESSION/6/SESSION_IPV6_FLOW:Protocol(1001)=UDP;Application(1002)=sip;Category(1174)=aaa;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv6 session is created or removed. · Periodically during an IPv6 session. · The traffic-based or time-based threshold of an IPv6 session is reached.
Recommended action	No action is required.

SESSION_LIMIT

Message text	Pattern 1: -Context=1; The number of concurrent unicast sessions reached the upper limit on [STRING]. Pattern 2： -[STRING]; The number of concurrent unicast sessions reached the upper limit. Pattern 3： -Context=1; The session rate reached the upper limit on[STRING]. Pattern 4： -[STRING]; The session rate reached the upper limit. Pattern 5： -Context=1; The number of deny sessions reached the upper limit on [STRING]. Pattern 6： -[STRING]; The number of deny sessions reached the upper limit. Pattern 7： -Context=1; The deny session rate reached the upper limit on [STRING]. Pattern 8： -[STRING]; The deny session rate reached the upper limit.
Variable fields	$1: Context ID and vSystem ID
Severity level	6
Example	SESSION/6/SESSION_LIMIT: -Context=1; The number of concurrent unicast sessions reached the upper limit on vSystem 2 of context 2. SESSION/6/SESSION_LIMIT: -Context=2; vSystem=2; The number of concurrent unicast sessions reached the upper limit. SESSION/6/SESSION_LIMIT: -Context=1; The session rate reached the upper limit on vSystem 2 of context 2. SESSION/6/SESSION_LIMIT: -Context=2; vSystem=2; The session rate reached the upper limit. SESSION/6/SESSION_LIMIT: -Context=1; The number of deny sessions reached the upper limit on context 2. SESSION/6/SESSION_LIMIT: -Context=2; The number of deny sessions reached the upper limit. SESSION/6/SESSION_LIMIT: -Context=1; The deny session rate reached the upper limit on context 2. SESSION/6/SESSION_LIMIT: -Context=2; The deny session rate reached the upper limit.
Explanation	Pattern 1: This message is generated on default contexts when the number of concurrent unicast sessions reached the upper limit for non-default contexts and vSystems. Pattern 2: This message is generated on non-default contexts and vSystems when the number of concurrent unicast sessions reached the upper limit. Pattern 3: This message is generated on default contexts when the session creation rate reached the upper limit for non-default contexts and vSystems. Pattern 4: This message is generated on non-default contexts and vSystems when the session creation rate reached the upper limit. Pattern 5: This message is generated on default contexts when the number of concurrent deny sessions reached the upper limit for non-default contexts. Pattern 6: This message is generated on non-default contexts when the number of concurrent deny sessions reached the upper limit. Pattern 7: This message is generated on default contexts when the deny session creation rate reached the upper limit for non-default contexts. Pattern 8: This message is generated on non-default contexts when deny session creation rate reached the upper limit.
Recommended action	No action is required.

‌

SFLOW messages

This section contains sFlow messages.

SFLOW_HARDWARE_ERROR

Message text	Failed to [STRING] on interface [STRING] due to [STRING].
Variable fields	$1: Configuration item: update sampling mode $2: Interface name. $3: Failure reason: not supported operation
Severity level	4
Example	SFLOW/4/SFLOW_HARDWARE_ERROR: Failed to update sampling mode on interface GigabitEthernet1/0/1 due to not supported operation.
Explanation	The configuration failed because the device does not support the fixed flow sampling mode.
Recommended action	Specify the random flow sampling mode.

SHELL messages

This section contains shell messages.

SHELL_CMD

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING]
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=-User=; Command is quit
Explanation	A command was executed.
Recommended action	No action is required.

SHELL_CMD_CONFIRM

Message text	Confirm option of command [STRING] is [STRING].
Variable fields	$1: Command string. $2: Confirm option.
Severity level	6
Example	SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no.
Explanation	A user selected a confirmation option for a command.
Recommended action	No action is required.

SHELL_CMD_EXECUTEFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed.
Explanation	A command deployed by a background program failed to be executed.
Recommended action	No action is required.

SHELL_CMD_INPUT

Message text	Input string for the [STRING] command is [STRING].
Variable fields	$1: Command string. $2: String entered by the user.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key.
Explanation	A user responded to the input requirement of a command.
Recommended action	No action is required.

SHELL_CMD_INPUT_TIMEOUT

Message text	Operation timed out: Getting input for the [STRING] command.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command.
Explanation	The user did not respond to the input requirement of a command before the timeout timer expired.
Recommended action	No action is required.

SHELL_CMD_MATCHFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched.
Explanation	The command string has errors, or the view does not support the command.
Recommended action	Enter the correct command string. Make sure the command is supported in the view.

SHELL_CMDDENY

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command=[STRING] is denied.
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	5
Example	SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied.
Explanation	The user did not have the right to execute the command.
Recommended action	No action is required.

SHELL_CMDFAIL

Message text	The [STRING] command failed to restore the configuration.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMDFAIL: The “vlan 1024” command failed to restore the configuration.
Explanation	A command was not restored during a configuration rollback from a .cfg file.
Recommended action	No action is required.

SHELL_COMMIT

Message text	The configuration has been committed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT: The configuration has been committed.
Explanation	The commit operation succeeded.
Recommended action	No action is required.

SHELL_COMMIT_DELAY

Message text	A configuration rollback will be performed in [INT32] minutes.
Variable fields	$1: Configuration commit delay timer.
Severity level	5
Example	SHELL/5/SHELL_COMMIT_DELAY: A configuration rollback will be performed in 3 minutes.
Explanation	The configuration commit delay timer was set successfully.
Recommended action	Complete and commit the configuration before the timer expires. If you cannot complete the configuration, execute the configuration commit delay command again to delay the expiration.

SHELL_COMMIT_REDELAY

Message text	The commit delay has been reset, a configuration rollback will be performed in [INT32] minutes.
Variable fields	$1: Configuration commit delay timer reconfigured.
Severity level	5
Example	SHELL/5/SHELL_COMMIT_REDELAY: The commit delay has been reset, a configuration rollback will be performed in 3 minutes.
Explanation	The configuration commit delay timer was reconfigured before the timer expires.
Recommended action	No action is required.

SHELL_COMMIT_ROLLBACK

Message text	The configuration commit delay is overtime, a configuration rollback will be performed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACK: The configuration commit delay is overtime, a configuration rollback will be performed.
Explanation	The configuration commit delay timer expired. A configuration rollback will occur.
Recommended action	Stop configuring the device and wait for the rollback to finish.

SHELL_COMMIT_ROLLBACKDONE

Message text	The configuration rollback has been performed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACKDONE: The configuration rollback has been performed.
Explanation	The configuration rollback was finished.
Recommended action	You can continue to configure the device as required.

SHELL_COMMIT_ROLLBACKFAILED

Message text	Settings for some commands were not rolled back upon expiration of the configuration commit delay timer. Reason: Configuration rollback is not supported for those commands.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACKFAILED: Settings for some commands were not rolled back upon expiration of the configuration commit delay timer. Reason: Configuration rollback is not supported for those commands.
Explanation	A configuration rollback occurred when the configuration commit delay timer expired. However, some commands were not rolled back.
Recommended action	Read SHELL log messages to identify the commands that failed to be rolled back.

SHELL_COMMIT_WILLROLLBACK

Message text	A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_WILLROLLBACK: A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command.
Explanation	A configuration rollback will be performed in 1 minute.
Recommended action	Complete the configuration within 1 minute and commit the configuration, or execute the configuration commit delay command again to delay the expiration.

SHELL_CRITICAL_CMDFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command=[STRING] .
Variable fields	$1: Username. $2: IP address. $3: Command string.
Severity level	6
Example	SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save.
Explanation	A command failed to be executed.
Recommended action	No action is required.

SHELL_LOGIN

Message text	[STRING] logged in from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGIN: Console logged in from console0.
Explanation	A user logged in.
Recommended action	No action is required.

SHELL_LOGOUT

Message text	[STRING] logged out from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGOUT: Console logged out from console0.
Explanation	A user logged out.
Recommended action	No action is required.

SLSP messages

This section contains static LSP messages.

SLSP_LABEL_DUPLICATE

Message text	Incoming label [INT32] for static LSP [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Static LSP name.
Severity level	4
Example	SLSP/4/SLSP_LABEL_DUPLICATE: Incoming label 1024 for static LSP aaa is duplicate.
Explanation	The incoming label of a static LSP was occupied by another configuration, for example, by a static PW or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static LSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static LSP whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static LSP, and reconfigure it with another incoming label.

SMLK messages

This section contains Smart Link messages.

SMLK_LINK_SWITCH

Message text	Status of port [STRING] in smart link group [UINT16] changes to active.
Variable fields	$1: Port name. $2: Smart link group ID.
Severity level	4
Example	SMLK/4/SMLK_LINK_SWITCH: Status of port GigabitEthernet0/1/4 in smart link group 1 changes to active.
Explanation	The port takes over to forward traffic after the original active port fails.
Recommended action	Remove the network faults.

SNMP messages

This section contains SNMP messages.

AGENTX

Message text	Failed to initiate AgentX. Another service is using the AgentX listening port.
Variable fields	N/A
Severity level	4
Example	SNMP/4/AGENTX: Failed to initiate AgentX. Another service is using the AgentX listening port.
Explanation	AgentX is initiated when SNMP is enabled. The AgentX listening port is TCP port 705. If the port is occupied by another service, AgentX failes to be initiated.
Recommended action	1. Execute the display tcp verbose command to identify the process that occupies TCP port 705. 2. Diable the feature running the process. 3. Renable SNMP.

SNMP_ACL_RESTRICTION

Message text	SNMP [STRING] from [STRING] is rejected due to ACL restriction.
Variable fields	$1: SNMP community/usm-user/group. $2: IP address of the NMS.
Severity level	3
Example	SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions.
Explanation	SNMP packets are denied because of ACL restrictions.
Recommended action	Check the ACL configuration on the SNMP agent, and check if the agent was attacked.

SNMP_AUTHENTICATION_FAILURE

Message text	Failed to authenticate SNMP message.
Variable fields	N/A
Severity level	4
Example	SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message.
Explanation	An NMS failed to be authenticated by the agent.
Recommended action	No action is required.

SNMP_GET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet.
Severity level	6
Example	SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.
Explanation	SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_INFORM_LOST

Message text	Inform failed to reach NMS through [STRING]: Inform [STRING][STRING].
Variable fields	$1: NMS host address and port number. $2: Notification name and OID. $3: Variable-binding field of notifications. · If no MIB object exists, NMS host address and port number and notification name and OID are displayed. · If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;).
Severity level	3
Example	SNMP/3/SNMP_INFORM_LOST: Inform failed to reach NMS through 192.168.111.222(163): Inform coldStart(1.3.6.1.6.3.1.1.5.1).
Explanation	If the SNMP agent sends an Inform packet to an NMS and does not receive any response, the SNMP agent determines that the NMS is unreachable. The agent will print the message for issue location. If a message is oversized, the system will automatically fragment the message and add a location identifier "-PART=xx" to each fragment before sending them. xx represents the sequence number of a fragment.
Recommended action	Identify whether the SNMP agent and the NMS are reachable to each other.

SNMP_NOTIFY

Message text	Notification [STRING][STRING].
Variable fields	$1: Notification name and OID. $2: Variable-binding field of notifications. ¡ If no MIB object exists, only notification name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;).
Severity level	6
Example	Example of a complete message: SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console. Example of a fragmented message: SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=1; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgFacility(1.3.6.1.2.1.192.1.2.1.2.1)=23;syslogMsgSeverity(1.3.6.1.2.1.192.1.2.1.3.1)=6;syslogMsgVersion(1.3.6.1.2.1.192.1.2.1.4.1)=1;syslogMsgTimeStamp(1.3.6.1.2.1.192.1.2.1.5.1)=07-e2-04-12-12-26-35-00-00-00-2d-00-00[hex];syslogMsgHostName(1.3.6.1.2.1.192.1.2.1.6.1)=H3C;syslogMsgAppName(1.3.6.1.2.1.192.1.2.1.7.1)=SHELL;syslogMsgProcID(1.3.6.1.2.1.192.1.2.1.8.1)=-;syslogMsgMsgID(1.3.6.1.2.1.192.1.2.1.9.1)=SHELL_CMD;syslogMsgSDParams(1.3.6.1.2.1.192.1.2.1.10.1)=4;syslogMsgMsg(1.3.6.1.2.1.192.1.2.1.11.1)= Command is snmp-agent trap enable syslog;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.1.12.83.121.115.76.111.99.64.50.53.53.48.54.3.77.68.67)=1;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.2.12.65.112.112.76.111.99.64.50.53.53.48.54.4.76.105.110.101)=con0. SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=2; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.3.12.65.112.112.76.111.99.64.50.53.53.48.54.6.73.80.65.100.100.114)=;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.4.12.65.112.112.76.111.99.64.50.53.53.48.54.4.85.115.101.114)=.
Explanation	The SNMP agent sent a notification. The system logs SNMP operations only when SNMP logging is enabled. If a message is oversized, the system will automatically fragment the message and add a location identifier "-PART=xx" to each fragment before sending them. xx represents the sequence number of a fragment.
Recommended action	No action is required.

SNMP_SET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation.
Severity level	6
Example	SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.
Explanation	SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_USM_NOTINTIMEWINDOW

Message text	-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window.
Variable fields	$1: Username. $2: IP address of the NMS.
Severity level	4
Example	SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window.
Explanation	The SNMPv3 message is not in the time window.
Recommended action	No action is required.

SSH messages

This section contains Secure Shell (SSH) messages.

SSH_WEAK_CIPHER_ALGORITHM

Message text	SSH is configured to support CBC encryption, which may allow an attacker to recover the plaintext message from the ciphertext.
Variable fields	N/A
Severity level	5
Example	SSH/5/SSH_WEAK_CIPHER_ALGORITHM: SSH is configured to support CBC encryption, which may allow an attacker to recover the plaintext message from the ciphertext.
Explanation	The SSH client or server is configured with insecure encryption algorithms, such as 3DES-CBC, 128-bit AES-CBC, 256-bit AES-CBC, and DES-CBC.
Recommended action	Use the ssh2 algorithm cipher command to configure secure encryption algorithms.

‌

SSH_WEAK_MAC_ALGORITHM

Message text	SSH is configured to support MD5 or 96-bit HMAC algorithms, which are weak.
Variable fields	N/A
Severity level	5
Example	SSH/5/SSH_WEAK_MAC_ALGORITHM: SSH is configured to support MD5 or 96-bit HMAC algorithms, which are weak.
Explanation	The SSH client or server is configured with weak HMAC algorithms, such as HMAC-MD5, HMAC-MD5-96, and HMAC-SHA1-96.
Recommended action	Use the ssh2 algorithm mac command to configure strong HMAC algorithms.

‌

SSHC messages

This section contains SSH client messages.

SSHC_ALGORITHM_MISMATCH

Message text	Failed to log in to SSH server [STRING] because of [STRING] algorithm mismatch.
Variable fields	$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key.
Severity level	6
Example	SSHC/6/SSHC_ALGORITHM_MISMATCH: Failed to log in to SSH server 192.168.30.11 because of encryption algorithm mismatch.
Explanation	The SSH client failed to log in to the SSH server because they used different algorithms.
Recommended action	Make sure the SSH client and the SSH server use the same algorithm.

SSHS messages

This section contains SSH server messages.

SSHS_ACL_DENY

Message text	The SSH connection request from [IPADDR]([STRING]) was denied by ACL rule (rule ID=[INT16]).
Variable fields	$1: IP address of the SSH client. $2: VPN instance to which the IP address of the SSH client belongs. $3: ID of the ACL rule that denies the login of the SSH client. If the SSH client is denied by the default rule, default rule is displayed in this field.
Severity level	5
Example	SSHS/5/SSH_ACL_DENY: The SSH connection request from 181.1.1.10 was denied by ACL rule (rule ID=20). SSHS/5/SSH_ACL_DENY: The SSH connection request from 181.1.1.11 was denied by ACL rule (default rule).
Explanation	An SSH client failed to connect to the SSH server because the client's IP address matched a deny rule of the SSH login control ACL.
Recommended action	No action is required.

SSHS_ALGORITHM_MISMATCH

Message text	SSH client [STRING] failed to log in because of [STRING] algorithm mismatch.
Variable fields	$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key.
Severity level	6
Example	SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch.
Explanation	The SSH client failed to log in to the SSH server because they used different algorithms.
Recommended action	Make sure the SSH client and the SSH server use the same algorithm.

SSHS_AUTH_EXCEED_RETRY_TIMES

Message text	SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit.
Variable fields	$1: User name. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit.
Explanation	The number of authentication attempts by an SSH user reached the upper limit.
Recommended action	Prompt the SSH user to use the correct login data to try again.

SSHS_AUTH_FAIL

Message text	SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Failure reasons: ¡ Wrong public key algorithm. ¡ Wrong public key. ¡ Wrong digital signature.
Severity level	5
Example	SSHS/5/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm.
Explanation	An SSH user failed the publickey authentication.
Recommended action	Tell the SSH user to try to log in again.

SSHS_AUTH_TIMEOUT

Message text	Authentication timed out for [IPADDR].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1.
Explanation	The authentication timeout timer expired, and the SSH user failed the authentication.
Recommended action	Make sure the SSH user enters correct authentication information before the authentication timeout timer expires.

SSHS_CONNECT

Message text	SSH user [STRING] (IP: [STRING]) connected to the server successfully.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully.
Explanation	An SSH user logged in to the server successfully.
Recommended action	No action is required.

SSHS_DECRYPT_FAIL

Message text	The packet from [STRING] failed to be decrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as AES256-CBC.
Severity level	5
Example	SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc.
Explanation	A packet from an SSH client failed to be decrypted.
Recommended action	No action is required.

SSHS_DISCONNECT

Message text	SSH user [STRING] (IP: [STRING]) disconnected from the server.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server.
Explanation	An SSH user logged out.
Recommended action	No action is required.

SSHS_DSA_KEY_LENGTH_ERROR

Message text	DSA key length out of range.
Variable fields	N/A
Severity level	5
Example	SSHS/5/SSHS_DSA_KEY_LENGTH_ERROR: DSA key length out of range.
Explanation	The public key algorithm negotiated between the SSH client and SSH server is the DSA algorithm. The key modulus length of the DSA key pair generated on the SSH server is greater than or equal to 2048 bits.
Recommended action	Generate a DSA key pair on the SSH server with a key modulus length of less than 2048 bits.

SSHS_ENCRYPT_FAIL

Message text	The packet to [STRING] failed to be encrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as aes256-cbc.
Severity level	5
Example	SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc.
Explanation	A packet to an SSH client failed to be encrypted.
Recommended action	No action is required.

SSHS_LOG

Message text	Authentication failed for [STRING] from [STRING] port [INT32] because of invalid username or wrong password.
Variable fields	$1: IP address of the SSH client. $2: Username. $3: Port number.
Severity level	6
Example	SSHS/6/SSHS_LOG: Authentication failed for David from 140.1.1.46 port 16266 because of invalid username or wrong password.
Explanation	An SSH user failed password authentication because the username or password was wrong.
Recommended action	No action is required.

SSHS_MAC_ERROR

Message text	SSH server received a packet with wrong message authentication code (MAC) from [STRING].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117.
Explanation	The SSH server received a packet with a wrong MAC from a client.
Recommended action	No action is required.

SSHS_REACH_SESSION_LIMIT

Message text	SSH client [STRING] failed to log in. The number of SSH sessions is [NUMBER], and exceeded the limit ([NUMBER]).
Variable fields	$1: IP address of the SSH client. $2: Number of SSH clients that have logged in to the SSH server. $3: Maximum number of SSH clients that the SSH server supports.
Severity level	6
Example	SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The number of SSH sessions is 10, and exceeded the limit (10).
Explanation	The number of SSH sessions reached the upper limit.
Recommended action	No action is required.

SSHS_REACH_USER_LIMIT

Message text	SSH client [STRING] failed to log in, because the number of users reached the upper limit.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit.
Explanation	The number of SSH users reached the upper limit.
Recommended action	No action is required.

SSHS_SCP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SCP client. $3: Requested file operations: ¡ get file "name"'—Downloads the file name from the SCP server. ¡ put file "name"—Uploads the file name to the SCP server.
Severity level	6
Example	SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa".
Explanation	The SCP sever received an operation request from an SCP client.
Recommended action	No action is required.

SSHS_SFTP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SFTP client. $3: Requested operations on a file or directory: ¡ open dir "path"—Opens the directory path. ¡ open "file" (attribute code code) in MODE mode—Opens the file file with the attribute code code in mode MODE. ¡ remove file "path"—Deletes the file path. ¡ mkdir "path" (attribute code code)—Creates a new directory path with the attribute code code. ¡ rmdir "path"—Deletes the directory path. ¡ rename old "old-name" to new "new-name"—Changes the name of a file or folder from old-name to new-name.
Severity level	6
Example	SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/".
Explanation	The SFTP sever received an operation request from an SFTP client.
Recommended action	No action is required.

SSHS_SRV_UNAVAILABLE

Message text	The [STRING] server is disabled or the [STRING] service type is not supported.
Variable fields	$1: Service type: Stelnet, SCP, SFTP, or NETCONF.
Severity level	6
Example	SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported.
Explanation	The Stelnet, SCP, SFTP, or NETCONF over SSH service was not available. The server was terminating the connection.
Recommended action	Check the service status or user configuration.

SSHS_VERSION_MISMATCH

Message text	SSH client [STRING] failed to log in because of version mismatch.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch.
Explanation	The SSH client failed to log in to the SSH server because they used different SSH versions.
Recommended action	Make sure the SSH client and the SSH server use the same SSH version.

SSL messages

This section contains SSL messages.

SSL_CLIENT_INSECURE_SUITE

Message text	An insecure cipher suite that contains DES, 3DES, RC4, or MD5 was configured in SSL client policy view.
Variable fields	None.
Severity level	5
Example	SSL/5/SSL_CLIENT_INSECURE_SUITE: An insecure cipher suite that contains DES, 3DES, RC4, or MD5 was configured in SSL client policy view.
Explanation	An insecure cipher suite that contains DES, 3DES, RC4, or MD5 was configured in SSL client policy view.
Recommended action	Use the prefer-cipher command to configure more secure cipher suites.

SSL_CLIENT_INSECURE_VERSION

Message text	An SSL version lower than TLS 1.2 was configured in SSL client policy view.
Variable fields	None.
Severity level	5
Example	SSL/5/SSL_CLIENT_INSECURE_VERSION: An SSL version lower than TLS 1.2 was configured in SSL client policy view.
Explanation	An SSL version lower than TLS 1.2 was configured in SSL client policy view.
Recommended action	Use the version command to specify a higher SSL version.

SSL_GLOBAL_INSECURE_VERSION

Message text	An SSL version lower than TLS 1.2 was configured in system view.
Variable fields	None.
Severity level	5
Example	SSL/5/SSL_GLOBAL_INSECURE_VERSION: An SSL version lower than TLS 1.2 was configured in system view.
Explanation	An SSL version lower than TLS 1.2 was configured in system view.
Recommended action	Use the ssl version disable command to configure a higher SSL version.

SSL_RENEGOTIATION_ENABLE

Message text	SSL renegotiation was enabled.
Variable fields	None.
Severity level	5
Example	SSL/5/SSL_RENEGOTIATION_ENABLE: SSL renegotiation was enabled.
Explanation	SSL renegotiation was enabled.
Recommended action	The SSL session renegotiation feature enables the SSL client and server to reuse a previously negotiated SSL session for an abbreviated handshake, which causes less computational overhead to the system. As a best practice to avoid potential risks, use the renegotiation disable command to disable SSL session renegotiation.

SSL_SERVER_INSECURE_SUITE

Message text	In the SSL server policy view, an insecure cipher suite including DES, 3DES, RC4, or MD5 is configured.
Variable fields	None.
Severity level	5
Example	SSL/5/SSL_SERVER_INSECURE_SUITE: In the SSL server policy view, an insecure cipher suite that contains DES, 3DES, RC4, or MD5 was configured.
Explanation	In the SSL server policy view, an insecure cipher suite that contains DES, 3DES, RC4, or MD5 was configured.
Recommended action	Use the ciphersuite command to configure more secure cipher suites.

SSL_SERVER_INSECURE_VERSION

Message text	An SSL version lower than TLS 1.2 was configured in SSL server policy view.
Variable fields	None.
Severity level	5
Example	SSL/5/SSL_SERVER_INSECURE_VERSION: An SSL version lower than TLS 1.2 was configured in SSL server policy view.
Explanation	An SSL version lower than TLS 1.2 was configured in SSL server policy view.
Recommended action	Use the version disable command to configure a higher SSL version.

SSL VPN messages

This section contains SSL VPN messages.

SSLVPN_ADD_CONTENT_TYPE

Message text	Set the content type for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTENT_TYPE: Set the content type for file policy fp1 in context ctx1.
Explanation	The type of file to be rewritten was set for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_CONTENT_TYPE_FAILED

Message text	Failed to set the content type for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTENT_TYPE_FAILED: Failed to set the content type for file policy fp1 in context ctx1.
Explanation	Failed to set the type of file to be rewritten for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_CONTEXT

Message text	Created SSL VPN context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTEXT: Created SSL VPN context ctx1.
Explanation	An SSL VPN context was created.
Recommended action	No action is required.

SSLVPN_ADD_CONTEXT_FAILED

Message text	Failed to create SSL VPN context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTEXT_FAILED: Failed to create SSL VPN context ctx1.
Explanation	Failed to create an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_EXCROUTEITEM

Message text	Added exclude route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_EXCROUTEITEM: Added exclude route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	An exclude route was added to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_EXCROUTEITEM_FAILED

Message text	Failed to add exclude route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_EXCROUTEITEM_FAILED: Failed to add exclude route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	Failed to add an exclude route to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_FILEPOLICY

Message text	Created file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_FILEPOLICY: Created file policy fp1 in context ctx1.
Explanation	A file policy was created.
Recommended action	No action is required.

SSLVPN_ADD_FILEPOLICY_FAILED

Message text	Failed to create file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_FILEPOLICY_FAILED: Failed to create file policy fp1 in context ctx1.
Explanation	Failed to create a file policy.
Recommended action	No action is required.

SSLVPN_ADD_GATEWAY

Message text	Created SSL VPN gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_GATEWAY: Created SSL VPN gateway gw1.
Explanation	An SSL VPN gateway was created.
Recommended action	No action is required.

SSLVPN_ADD_GATEWAY_FAILED

Message text	Failed to create SSL VPN gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_GATEWAY_FAILED: Failed to create SSL VPN gateway gw1.
Explanation	Failed to create an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_ADD_INCROUTEITEM

Message text	Added include route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_INCROUTEITEM: Added include route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	An include route was added to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_INCROUTEITEM_FAILED

Message text	Failed to add include route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_INCROUTEITEM_FAILED: Failed to add include route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	Failed to add an include route to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_IPADDRESSPOOL

Message text	Created IP address pool [STRING] start-IP [STRING] end-IP [STRING].
Variable fields	$1: Name of the IP address pool. $2: Start IP address of the address pool. $3: End IP address of the address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPADDRESSPOOL: Created IP address pool pool1 start-IP 20.1.1.1 end-IP 20.1.1.100.
Explanation	An address pool was created.
Recommended action	No action is required.

SSLVPN_ADD_IPADDRESSPOOL_FAILED

Message text	Failed to create IP address pool [STRING] start-IP [STRING] end-IP [STRING]
Variable fields	$1: Name of the IP address pool. $2: Start IP address of the address pool. $3: End IP address of the address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPADDRESSPOOL_FAILED: Failed to create IP address pool pool1 start-IP 20.1.1.1 end-IP 20.1.1.100.
Explanation	Failed to create an address pool.
Recommended action	Verify that the address pool to be created does not contain addresses that are already contained in existing address pools.

SSLVPN_ADD_IPTUNNELACIF

Message text	Specified SSL VPN AC interface [STRING] in context [STRING].
Variable fields	$1: Number of an SSL VPN AC interface. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPTUNNELACIF: Specified SSL VPN AC interface SSLVPN-AC1 in context ctx.
Explanation	An SSL VPN AC interface was specified in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_IPTUNNELACIF_FAILED

Message text	Failed to specify SSL VPN AC interface [STRING] in context [STRING]
Variable fields	$1: Number of an SSL VPN AC interface. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPTUNNELACIF_FAILED: Failed to specify SSL VPN AC interface SSLVPN-AC1 in context ctx.
Explanation	Failed to specify an SSL VPN AC interface in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_IPV4_RANGE

Message text	Specified IPv4 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv4 address of the SSL VPN SNAT address pool. $2: End IPv4 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV4_RANGE: Specified IPv4 address range (start-IP 192.168.1.1 end-IP 192.168.1.10) for SNAT pool sp1.
Explanation	An IPv4 address range was specified for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_IPV4_RANGE_FAILED

Message text	Failed to specify IPv4 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv4 address of the SSL VPN SNAT address pool. $2: End IPv4 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV4_RANGE_FAILED: Failed to specify IPV4 address range (start-IP 192.168.1.1 end-IP 192.168.1.10) for SNAT pool sp1.
Explanation	Failed to specify the IPv4 address range for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_IPV6_RANGE

Message text	Specified IPv6 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv6 address of the SSL VPN SNAT address pool. $2: End IPv6 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV6_RANGE: Specified IPv6 address range (start-IP 2000::1 end-IP 2000::10) for SNAT pool sp1.
Explanation	An IPv6 address range was specified for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_IPV6_RANGE_FAILED

Message text	Failed to specify IPv6 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv6 address of the SSL VPN SNAT address pool. $2: End IPv6 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV6_RANGE_FAILED: Failed to specify IPv6 address range (start-IP 2000::1 end-IP 2000::10) for SNAT pool sp1.
Explanation	Failed to specify the IPv6 address range for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_LOCALPORT

Message text	Added port forwarding entry local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] in port forwarding list [STRING] in context [STRING].
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service. $5: Description of the port forwarding entry. This field is empty if no description is configured. $6: Port forwarding list name. $7: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_ADD_LOCALPORT: Added port forwarding entry local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 in port forwarding list pflist1 in context ctx. · SSLVPN/6/SSLVPN_ADD_LOCALPORT: Added port forwarding entry local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 description http in port forwarding list pflist1 in context ctx.
Explanation	A port forwarding entry was added to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_LOCALPORT_FAILED

Message text	Failed to add port forwarding entry local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] in port forwarding list [STRING] in context [STRING]
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service. $5: Description of the port forwarding entry. This field is empty if no description is configured. $6: Port forwarding list name. $7: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_LOCALPORT_FAILED: Failed to add port forwarding entry ocal-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 in port forwarding list pflist1 in context ctx. SSLVPN/6/SSLVPN_ADD_LOCALPORT_FAILED: Failed to add port forwarding entry local-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 description http in port forwarding list pflist1 in context ctx.
Explanation	Failed to add a port forwarding entry to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_NEWCONTENT

Message text	Specified new content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: New content used to replace the old content. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_NEWCONTENT: Specified new content sslvpn rewrite htmlcode(d); for rewrite rule rw in file policy fp in context ctx.
Explanation	The new content used to replace the old content was specified for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_NEWCONTENT_FAILED

Message text	Failed to specify new content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: New content used to replace the old content. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_NEWCONTENT_FAILED: Failed to specify new content sslvpn rewrite htmlcode(d); for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to specify the new content used to replace the old content for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_OLDCONTENT

Message text	Specified old content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Old file content to be replaced. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_OLDCONTENT: Specified old content a.b.c.innerHTML = d; for rewrite rule rw in file policy fp in context ctx.
Explanation	The old file content to be replaced was specified for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_OLDCONTENT_FAILED

Message text	Failed to specify old content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Old file content to be replaced. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_OLDCONTENT_FAILED: Failed to specify old content a.b.c.innerHTML = d; for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to specify the old file content to be replaced for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD

Message text	Created port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD: Created port forwarding list pf in context ctx1.
Explanation	A port forwarding list was created.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD_FAILED

Message text	Failed to create port forwarding list [STRING] in context [STRING]
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD_FAILED: Failed to create port forwarding list pf in context ctx1.
Explanation	Failed to create a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD_ITEM

Message text	Created port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD_ITEM: Created port forwarding item pfitem in context ctx1.
Explanation	A port forwarding item was created.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD_ITEM_FAILED

Message text	Failed to create port forwarding item [STRING] in context [STRING]
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD_ITEM_FAILED: Failed to create port forwarding item pfitem in context ctx1.
Explanation	Failed to create a port forwarding item.
Recommended action	No action is required.

SSLVPN_ADD_PYGROUP

Message text	Created policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PYGROUP: Created policy group pg in context ctx1.
Explanation	A policy group was created in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_PYGROUP_FAILED

Message text	Failed to create policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PYGROUP_FAILED: Failed to create policy group pg in context ctx1.
Explanation	Failed to create a policy group in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_REFER_PFWDITEM

Message text	Assigned port forwarding item [STRING] to port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFER_PFWDITEM: Assigned port forwarding item pfitem1 to port forwarding list pflist1 in context ctx1.
Explanation	A port forwarding item was assigned to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_REFER_PFWDITEM_FAILED

Message text	Failed to assign port forwarding item [STRING] to port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFER_PFWDITEM_FAILED: Failed to assign port forwarding item pfitem1 to port forwarding list pflist1 in context ctx1.
Explanation	Failed to assign a port forwarding item to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_REFER_SCUTLIST

Message text	Assigned shortcut list [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFER_SCUTLIST: Assigned shortcut list scutlist1 to policy group pg in context ctx1.
Explanation	A shortcut list was assigned to an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERIPACL

Message text	Added IP access filter [STRING] ACL [STRING] in policy group [STRING] in context [STRING].
Variable fields	$1: IP version for the ACL. The value can be IPv6 or null. A null value represents IPv4. $2: Advanced ACL number. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERIPACL: Added IP access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	An ACL for IP access filtering was specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERIPACL_FAILED

Message text	Failed to add IP access filter [STRING] ACL [STRING] in policy group [STRING] in context [STRING]
Variable fields	$1: IP version for the ACL. The value can be IPv6 or null. A null value represents IPv4. $2: Advanced ACL number. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERIPACL_FAILED: Failed to add IP access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	Failed to specify an ACL for IP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERPORTFWD

Message text	Specified port forwarding list [STRING] for policy-group [STRING] in context [STRING].
Variable fields	$1: Port forwarding list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERPORTFWD: Specified port forwarding list pf for policy-group pg in context ctx1.
Explanation	A port forwarding list was assigned to a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERPORTFWD_FAILED

Message text	Failed to specify port forwarding list [STRING] for policy-group [STRING] in context [STRING]
Variable fields	$1: Port forwarding list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERPORTFWD_FAILED: Failed to specify port forwarding list pf for policy-group pg in context ctx1.
Explanation	Failed to assign a port forwarding list to a policy group.
Recommended action	Make sure a port forwarding list exists before you assign it to a policy group.

SSLVPN_ADD_REFERSCUTLIST_FAILED

Message text	Failed to assign shortcut list [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSCUTLIST_FAILED: Failed to assign shortcut list scutlist1 to policy group pg in context ctx1.
Explanation	Failed to assign a shortcut list to an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERSHORTCUT

Message text	Assigned shortcut [STRING] to shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSHORTCUT: Assigned shortcut shortcut1 to shortcut list scutlist1 in context ctx1.
Explanation	A shortcut was assigned to a shortcut list.
Recommended action	No action is required.

SSLVPN_ADD_REFERSHORTCUT_FAILED

Message text	Failed to assign shortcut [STRING] to shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSHORTCUT_FAILED: Failed to assign shortcut shortcut1 to shortcut list scutlist1 in context ctx1.
Explanation	Failed to assign a shortcut to a shortcut list.
Recommended action	No action is required.

SSLVPN_ADD_REFERSNATPOOL

Message text	Specified SNAT pool [STRING] for context [STRING].
Variable fields	$1: SNAT address pool name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSNATPOOL: Specified SNAT pool sp1 for context ctx1.
Explanation	A SNAT address pool was assigned to an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_REFERSNATPOOL_FAILED

Message text	Failed to specify SNAT pool [STRING] for context [STRING].
Variable fields	$1: SNAT address pool name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSNATPOOL_FAILED: Failed to specify SNAT pool sp1 for context ctx1.
Explanation	Failed to assign a SNAT address pool to an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_REFERTCPACL

Message text	Added TCP access filter [String] ACL [STRING] in policy group [STRING] in context [STRING].
Variable fields	$1: IP version for the ACL. The value can be IPv6 or null. A null value represents IPv4. $2: Advanced ACL number. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERTCPACL: Added TCP access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	An ACL for TCP access filtering was specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERTCPACL_FAILED

Message text	Failed to add TCP access filter [STRING] ACL [STRING] in policy group [STRING] in context [STRING]
Variable fields	$1: IP version for the ACL. The value can be IPv6 or null. A null value represents IPv4. $2: Advanced ACL number. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERTCPACL_FAILED: Failed to add TCP access filter ACL 3000 in policy group pgroup in context ctx1
Explanation	Failed to specify an ACL for TCP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURIACL

Message text	Added [STRING] access filter URI ACL [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access. · Web access. · TCP access. $2: URI ACL name. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURIACL: Added IP access filter URI ACL uacl to policy group pgroup in context ctx1.
Explanation	A URI ACL was specified for IP, Web, or TCP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURIACL_FAILED

Message text	Failed to add [STRING] access filter URI ACL [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access · Web access. · TCP access. $2: URI ACL name. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURIACL_FAILED: Failed to add IP access filter URI ACL uacl to policy group pgroup in context ctx1.
Explanation	Failed to specify a URI ACL for IP, Web, or TCP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURLLIST

Message text	Specified URL list [STRING] for policy-group [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURLLIST: Specified URL list urllist for policy-group pg in context ctx1.
Explanation	A URL list was assigned to a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURLLIST_FAILED

Message text	Failed to specify URL list [STRING] for policy-group [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURLLIST_FAILED: Failed to specify URL list urllist for policy-group pg in context ctx1.
Explanation	Failed to assign a URL list to a policy group.
Recommended action	Verity that a URL list exists before you assign it to a policy group.

SSLVPN_ADD_REFERWEBACL

Message text	Added Web access filter [STRING] ACL [STRING] in policy group [STRING] in context [STRING].
Variable fields	$1: IP version for the ACL. The value can be IPv6 or null. A null value represents IPv4. $2: Advanced ACL number. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERWEBACL: Added Web access filter 3000 in policy group pgroup in context ctx1.
Explanation	An ACL for Web accessing filtering was specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERWEBACL_FAILED

Message text	Failed to add Web access filter [STRING] ACL [STRING] in policy group [STRING] in context [STRING]
Variable fields	$1: IP version for the ACL. The value can be IPv6 or null. A null value represents IPv4. $2: Advanced ACL number. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERWEBACL_FAILED: Failed to add Web access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	Failed to specify an ACL for Web accessing filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REWRITE_RULE

Message text	Created rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REWRITE_RULE: Created rewrite rule rw in file policy fp in context ctx.
Explanation	A rewrite rule was created.
Recommended action	No action is required.

SSLVPN_ADD_REWRITE_RULE_FAILED

Message text	Failed to create rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REWRITE_RULE_FAILED: Failed to create rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to create a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_ROUTELIST

Message text	Created IP-route-list [STRING] in context [STRING].
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_ROUTELIST: Created IP-route-list rtlist in context ctx1.
Explanation	A route list was created in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_ROUTELIST_FAILED

Message text	Failed to create IP-route-list [STRING] in context [STRING]
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_ROUTELIST_FAILED: Failed to create IP-route-list rtlist in context ctx1.
Explanation	Failed to create a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_ROUTEREFER

Message text	Configured access-route [STRING] in policy-group [STRING] in context [STRING].
Variable fields	$1: Route to be issued to clients. Valid values are: · Route in the format of ip-address mask. · Force-all. This setting forces all traffic to be sent to the SSL VPN gateway. · Route list name in the format of ip-route-list list-name. All routes in the route list will be issued to clients. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_ADD_ROUTEREFER: Configured access-route ip-route-list rtlist in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER: Configured access-route 1.0.0.0 255.240.0.0 in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER: Configured access-route force-all in policy-group pg in context ctx.
Explanation	Routes to be issued to clients were specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_ROUTEREFER_FAILED

Message text	Failed to configure access-route [STRING] in policy-group [STRING] in context [STRING]
Variable fields	$1: Route to be issued to clients. Valid values are: · Route in the format of ip-address mask. · Force-all. This setting forces all traffic to be sent to the SSL VPN gateway. · Route list name in the format of ip-route-list list-name. All routes in the route list will be issued to clients. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_ADD_ROUTEREFER_FAILED: Failed to configure access-route ip-route-list rtlist in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER_FAILED: Failed to configure access-route 1.0.0.0 255.240.0.0 in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER_FAILED: Failed to configure access-route force-all in policy-group pg in context ctx.
Explanation	Failed to specify a route or a route list to be issued to clients in a policy group.
Recommended action	Verify that a route list exists before you specify it in a policy group.

SSLVPN_ADD_SERVERURL

Message text	Specified URL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SERVERURL: Specified URL www.abc.com for URL item item1 in context ctx1.
Explanation	Configured the URL for a URL item.
Recommended action	No action is required.

SSLVPN_ADD_SERVERURL_FAILED

Message text	Failed to specify URL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SERVERURL_FAILED: Failed to specify URL www.abc.com for URL item item1 in context ctx1.
Explanation	Failed to configure the URL for a URL item.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUT

Message text	Created shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUT: Created shortcut shortcut1 in context ctx1.
Explanation	A shortcut was created.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUT_FAILED

Message text	Failed to create shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUT_FAILED: Failed to create shortcut shortcut1 in context ctx1.
Explanation	Failed to create a shortcut.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUTLIST

Message text	Created shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUTLIST: Created shortcut list scutlist1 in context ctx1.
Explanation	A shortcut list was created.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUTLIST_FAILED

Message text	Failed to create shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUTLIST_FAILED: Failed to create shortcut list scutlist1 in context ctx1.
Explanation	Failed to create a shortcut list.
Recommended action	No action is required.

SSLVPN_ADD_SNATPOOL

Message text	Created SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SNATPOOL: Created SSL VPN SNAT pool sp1.
Explanation	An SSL VPN SNAT address pool was created.
Recommended action	No action is required.

SSLVPN_ADD_SNATPOOL_FAILED

Message text	Failed to create SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SNATPOOL_FAILED: Failed to create SSL VPN SNAT pool sp1.
Explanation	Failed to create an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_URIACL

Message text	Created URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL: Created URI ACL uacl in context ctx1.
Explanation	A URI ACL was created.
Recommended action	No action is required.

SSLVPN_ADD_URIACL_FAILED

Message text	Failed to create URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL_FAILED: Failed to create URI ACL uacl in context ctx1.
Explanation	Failed to create a URI ACL.
Recommended action	No action is required.

SSLVPN_ADD_URIACL_RULE

Message text	Added rule [UINT32] to URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL_RULE: Added rule 5 to URI ACL uacl in context ctx1.
Explanation	A rule was added to a URI ACL.
Recommended action	No action is required.

SSLVPN_ADD_URIACL_RULE_FAILED

Message text	Failed to add rule [UINT32] to URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL_RULE_FAILED: Failed to add rule 5 to URI ACL uacl in context ctx1.
Explanation	Failed to add a rule to a URI ACL.
Recommended action	No action is required.

SSLVPN_ADD_URL

Message text	Set URL (URL [STRING]) for file policy [STRING] in context [STRING].
Variable fields	$1: URL of the file to be rewritten. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URL: Set URL (URL http://192.168.1.1:8080/test.js) for file policy fp1 in context ctx1.
Explanation	The URL of the file to be rewritten was set for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_URL_FAILED

Message text	Failed to set URL (URL [STRING]) for file policy [STRING] in context [STRING].
Variable fields	$1: URL of the file to be rewritten. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URL_FAILED: Failed to set URL (URL http://192.168.1.1:8080/test.js) for file policy fp1 in context ctx1.
Explanation	Failed to set the URL of the file to be rewritten for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_URLITEM

Message text	Created URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLITEM: Created URL item item1 in context ctx1.
Explanation	Created a URL item.
Recommended action	No action is required.

SSLVPN_ADD_URLITEM_FAILED

Message text	Failed to create URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLITEM_FAILED: Failed to create URL item item1 in context ctx1.
Explanation	Failed to create a URL item.
Recommended action	No action is required.

SSLVPN_ADD_URLLIST

Message text	Created URL list [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLLIST: Created URL list urllist in context ctx1.
Explanation	A URL list was created.
Recommended action	No action is required.

SSLVPN_ADD_URLLIST_FAILED

Message text	Failed to create URL list [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLLIST_FAILED: Failed to create URL list urllist in context ctx1.
Explanation	Failed to create a URL list.
Recommended action	No action is required.

SSLVPN_ADD_USER

Message text	Failed to create user [STRING] in context [STRING].
Variable fields	$1: Username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_USER_FAILED: Failed to create user user1 in context ctx1.
Explanation	Failed to create an SSL VPN user in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_USER_FAILED

Message text	Created user [STRING] in context [STRING].
Variable fields	$1: Username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_USER: Created user user1 in context ctx1.
Explanation	An SSL VPN user was created in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_AAADOMAIN

Message text	Specified AAA domain [STRING] for context [STRING].
Variable fields	$1: ISP domain name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AAADOMAIN: Specified AAA domain myserver for context ctx1.
Explanation	An ISP domain was specified for authentication, authorization, and accounting of SSL VPN users in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_AAADOMAIN_FAILED

Message text	Failed to specify AAA domain [STRING] for context [STRING].
Variable fields	$1: ISP domain name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AAADOMAIN_FAILED: Failed to specify AAA domain myserver for context ctx1.
Explanation	Failed to specify an ISP domain for authentication, authorization, and accounting of SSL VPN users in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_AUTHMODE

Message text	Configured authentication use [STRING] in context [STRING].
Variable fields	$1: Authentication mode, which indicates the authentication methods required for users to log in to the SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AUTHMODE: Configured authentication use all in context ctx1.
Explanation	Configured the authentication mode of an SSL VPN context. · The all mode indicates that a user must pass all enabled authentication methods to log in to the SSL VPN context. · The any-one mode indicates that a user can log in to the SSL VPN context after passing any enabled authentication method.
Recommended action	No action is required.

SSLVPN_CFG_AUTHMODE_FAILED

Message text	Failed to configure authentication use [STRING] in context [STRING].
Variable fields	$1: Authentication mode, which indicates the authentication methods required for users to log in to the SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AUTHMODE_FAILED: Failed to configure authentication use all in context ctx1.
Explanation	Failed to configure the authentication mode of an SSL VPN context. · The all mode indicates that a user must pass all enabled authentication methods to log in to the SSL VPN context. · The any-one mode indicates that a user can log in to the SSL VPN context after passing any enabled authentication method.
Recommended action	No action is required.

SSLVPN_CFG_BINDIP

Message text	Bound IP addresses [STRING] to user [STRING] in context [STRING].
Variable fields	$1: IP address list. $2: SSL VPN username. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIP: Bound IP addresses 10.1.1.1,10.1.1.3-10.1.1.5 to user user1 in context ctx1.
Explanation	IP addresses were bound to an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CFG_BINDIP_FAILED

Message text	Failed to bind IP addresses [STRING] to user [STRING] in context [STRING].
Variable fields	$1: IP address list. $2: SSL VPN username. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIP_FAILED: Failed to bind IP addresses 10.1.1.1,10.1.1.3-10.1.1.5 to user user1 in context ctx1.
Explanation	Failed to bind IP addresses to an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CFG_BINDIPAUTO

Message text	Set the number of IP addresses automatically bound to user [STRING] in context [STRING] to [UINT32].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name. $3: Number of IP addresses to be automatically bound to the user.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIPAUTO: Set the number of IP addresses automatically bound to user user1 in context ctx1 to 3.
Explanation	The number of IP addresses to be automatically bound to an SSL VPN user was specified.
Recommended action	No action is required.

SSLVPN_CFG_BINDIPAUTO_FAILED

Message text	Failed to set the number of IP addresses automatically bound to user [STRING] in context [STRING] to [UINT32].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name. $3: Number of IP addresses to be automatically bound to the user.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIPAUTO_FAILED: Failed to set the number of IP addresses automatically bound to user user1 in context ctx1 to 3.
Explanation	Failed to set the number of IP addresses to be automatically bound to an SSL VPN.
Recommended action	No action is required.

SSLVPN_CFG_CERTATTRIBUTE

Message text	Specified the attribute [STRING] as the certificate user name in context [STRING].
Variable fields	$1: Certificate attribute used as the SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_ CERTATTRIBUTE: Specified the attribute cn as the certificate user name in context ctx1.
Explanation	A certificate attribute was specified as the SSL VPN username.
Recommended action	No action is required.

SSLVPN_CFG_CERTATTRIBUTE_FAILED

Message text	Failed to specify the attribute [STRING] as the certificate user name in context [STRING].
Variable fields	$1: Certificate attribute used as the SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CERTATTRIBUTE_FAILED: Failed to specify the attribute cn as the certificate user name in context ctx1.
Explanation	Failed to specify a certificate attribute as the SSL VPN username.
Recommended action	No action is required.

SSLVPN_CFG_CONNECTIONS

Message text	Set the maximum number of connections to [STRING] for each session in context [STRING].
Variable fields	$1: Maximum number of concurrent connections per session. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONNECTIONS: Set the maximum number of connections to 50 for each session in context ctx1.
Explanation	The maximum number of concurrent connections per session was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CONNECTIONS_FAILED

Message text	Failed to set the maximum number of connections to [STRING] for each session in context [STRING].
Variable fields	$1: Maximum number of concurrent connections per session. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONNECTIONS_FAILED: Failed to set the maximum number of connections to 50 for each session in context ctx1.
Explanation	Failed to set the maximum number of concurrent connections per session in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CTXUSERMAX

Message text	The SSLVPN user maximum of context [STRING] ([UINT32]) is changed to [STRING].
Variable fields	$1: Context ID. $2: Maximum number of SSL VPN users in the SSL VPN context.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CTXUSERMAX: The SSLVPN user maximum of context 2 is changed to 500
Explanation	The maximum number of SSL VPN users was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CTXUSERMAX_FAILED

Message text	Failed to set the maximum number of SSL VPN users in context [STRING] ([UINT32]).
Variable fields	$1: Context ID.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CTXUSERMAX_FAILED: Failed to set the maximum number of SSL VPN users in context 2.
Explanation	Failed to configure the maximum number of SSL VPN users in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CONTEXTVPN

Message text	Associated VPN instance [STRING] with context [STRING].
Variable fields	$1: VPN instance name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONTEXTVPN: Associated VPN instance vpn1 with context ctx1.
Explanation	An SSL VPN context was associated with a VPN instance.
Recommended action	No action is required.

SSLVPN_CFG_CONTEXTVPN_FAILED

Message text	Failed to associate VPN instance [STRING] with context [STRING]
Variable fields	$1: VPN instance name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONTEXTVPN_FAILED: Failed to associate VPN instance vpn1 with context ctx1.
Explanation	Failed to associate an SSL VPN context with a VPN instance.
Recommended action	No action is required.

SSLVPN_CFG_CTX_WEBPAGECUST_FAIL

Message text	Failed to specify template [STRING] for SSL VPN webpage customization in context [STRING].
Variable fields	$1: Webpage template name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CTX_WEBPAGECUST_FAIL: Failed to specify template user1 for SSL VPN webpage customization in context a.
Explanation	Failed to specify an SSL VPN webpage template for an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CTX_WEBPAGECUST

Message text	Specified template [STRING] for SSL VPN webpage customization in context [STRING].
Variable fields	$1: Webpage template name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CTX_WEBPAGECUST: Specified template user1 for SSL VPN webpage customization in context a.
Explanation	An SSL VPN webpage template was successfully specified for an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CTXGATEWAY

Message text	Configured gateway [STRING] [ domain [STRING] \| virtual-host [STRING] ] in context [STRING].
Variable fields	$1: SSL VPN gateway name. $2: Domain name. $3: Virtual host name. $4: SSL VPN context name. Parameters $2 and $3 cannot be both configured. This message displays parameter $2, $3, or neither, depending on the configuration.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_CTXGATEWAY: Configured gateway gw domain domain1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY: Configured gateway gw virtual-host myhost1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY: Configured gateway gw in context ctx1.
Explanation	An SSL VPN context was associated with an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_CTXGATEWAY_FAILED

Message text	Failed to configure gateway [STRING] [ domain [STRING] \| virtual-host [STRING] ] in context [STRING]
Variable fields	$1: SSL VPN gateway name. $2: Domain name. $3: Virtual host name. $4: SSL VPN context name. Parameters $2 and $3 cannot be both configured. This message displays parameter $2, $3, or neither, depending on the configuration.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_CTXGATEWAY_FAILED: Failed to configure gateway gw domain domain1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY_FAILED: Failed to configure gateway gw virtual-host myhost1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY_FAILED: Failed to configure gateway gw in context ctx1.
Explanation	Failed to associate an SSL VPN context with an SSL VPN gateway.
Recommended action	1. Make sure the SSL VPN gateway to be associated already exists. 2. Identify the number of SSL VPN gateways associated with the SSL VPN context. If the number reaches the maximum and you want to associate a new gateway, remove an existing gateway association.

SSLVPN_CFG_DEFAULTPGROUP

Message text	Configured default-policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_DEFAULTPGROUP: Configured default-policy group pgroup in context ctx1.
Explanation	A policy group was specified as the default policy group in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_DEFAULTPGROUP_FAILED

Message text	Failed to configure default-policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_DEFAULTPGROUP_FAILED: Failed to configure default-policy-group pgroup in context ctx1.
Explanation	Failed to specify a policy group as the default policy group in an SSL VPN context.
Recommended action	Verify that a policy group exists before you specify it as the default policy group in an SSL VPN context.

SSLVPN_CFG_DNSSERVER

Message text	Specified [STRING] DNS server [STRING] in context [STRING].
Variable fields	$1: DNS server type, primary or secondary. $2: IP address of the DNS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_DNSSERVER: Specified primary DNS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_DNSSERVER: Specified secondary DNS server 1.1.1.2 in context ctx.
Explanation	A DNS server was specified for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_DNSSERVER_FAILED

Message text	Failed to specify [STRING] DNS server [STRING] in context [STRING]
Variable fields	$1: DNS server type, primary or secondary. $2: IP address of the DNS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_DNSSERVER_FAILED: Failed to specify primary DNS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_DNSSERVER_FAILED: Failed to specify secondary DNS server 1.1.1.2 in context ctx.
Explanation	Failed to specify a DNS server for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_EMOSERVER

Message text	Specified EMO server address [STRING] and port [STRING] in context [STRING].
Variable fields	$1: Host name or IPv4 address of the EMO server. $2: Port number of the EMO server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_EMOSERVER: Specified EMO server address 10.10.1.1 and port 9058 in context ctx1. · SSLVPN/6/SSLVPN_CFG_EMOSERVER: Specified EMO server address host and port 9058 in context ctx1.
Explanation	An EMO server was specified for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_EMOSERVER_FAILED

Message text	Failed to specify EMO server address [STRING] and port [STRING] in context [STRING].
Variable fields	$1: Host name or IPv4 address of the EMO server. $2: Port number of the EMO server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_EMOSERVER_FAILED: Failed to specify EMO server address 10.10.1.1 and port 9058 in context ctx1. · SSLVPN/6/SSLVPN_CFG_EMOSERVER_FAILED: Failed to specify EMO server address host and port 9058 in context ctx1.
Explanation	Failed to specify an EMO server for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_GATEWAYVPN

Message text	Specify VPN instance [STRING] for gateway [STRING].
Variable fields	$1: Name of the VPN instance to which the SSL VPN gateway belongs. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GATEWAYVPN: Specify VPN instance vpn1 for gateway gw1.
Explanation	A VPN instance was specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GATEWAYVPN_FAILED

Message text	Failed to specify VPN instance [STRING] for gateway [STRING]
Variable fields	$1: Name of the VPN instance to which the SSL VPN gateway belongs. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GATEWAYVPN_FAILED: Failed to specify VPN instance vpn1 for gateway gw1.
Explanation	Failed to specify a VPN instance for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GLB_WEBPAGECUST_FAIL

Message text	Failed to specify template [STRING] for global SSL VPN webpage customization.
Variable fields	$1: Webpage template name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GLB_WEBPAGECUST_FAIL: Failed to specify template user1 for global SSL VPN webpage customization.
Explanation	Failed to specify a global SSL VPN webpage template.
Recommended action	No action is required.

SSLVPN_CFG_GLB_WEBPAGECUSTOMIZE

Message text	Specified template [STRING] for global SSL VPN webpage customization.
Variable fields	$1: Webpage template name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GLB_WEBPAGECUST: Specified template user1 for global SSL VPN webpage customization.
Explanation	A global SSL VPN webpage template was specified successfully.
Recommended action	No action is required.

SSLVPN_CFG_GWIPADDRESS

Message text	Configured IP address [STRING] and port [STRING] for gateway [STRING].
Variable fields	$1: IP address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPADDRESS: Configured IP address 10.10.1.1 and port 8000 for gateway gw1.
Explanation	An IP address and port number were specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GWIPADDRESS_FAILED

Message text	Failed to configure IP address [STRING] and port [STRING] for gateway [STRING]
Variable fields	$1: IP address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPADDRESS_FAILED: Failed to configure IP address 10.10.1.1 and port 8000 for gateway gw1.
Explanation	Failed to specify the IP address and port number for an SSL VPN gateway.
Recommended action	1. Verify that the IP address specified for the SSL VPN gateway is not used by another gateway. 2. Verify that the port specified for the SSL VPN gateway is different from the HTTP-redirect port.

SSLVPN_CFG_GWIPV6ADDRESS

Message text	Configured IPv6 address [STRING] and port [STRING] for gateway [STRING].
Variable fields	$1: IPv6 address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPV6ADDRESS: Configured IPv6 address 1::1 and port 1027 for gateway gw1.
Explanation	An IPv6 address and port number were specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GWIPV6ADDRESS_FAILED

Message text	Failed to configure IPv6 address [STRING] and port [STRING] for gateway [STRING].
Variable fields	$1: IPv6 address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPV6ADDRESS_FAILED: Failed to configure IPv6 address 1::1 and port 1027 for gateway gw1.
Explanation	Failed to specify the IPv6 address and port number for an SSL VPN gateway.
Recommended action	1. Verify that the IP address specified for the SSL VPN gateway is not used by another gateway. 2. Verify that the port specified for the SSL VPN gateway is different from the HTTP-redirect port.

SSLVPN_CFG_HTTPREDIRECT

Message text	Configured HTTP-redirect port [STRING] in gateway [STRING].
Variable fields	$1: HTTP redirection port number. $2: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_HTTPREDIRECT: Configured HTTP-redirect port 8000 in gateway gw.
Explanation	HTTP redirection was enabled.
Recommended action	No action is required.

SSLVPN_CFG_HTTPREDIRECT_FAILED

Message text	Failed to configure HTTP-redirect port [STRING] in gateway [STRING]
Variable fields	$1: HTTP port number. $2: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_HTTPREDIRECT_FAILED: Failed to configure HTTP-redirect port 8000 in gateway gw.
Explanation	Failed to enable HTTP redirection for a port on an SSL VPN gateway.
Recommended action	Verify that the specified HTTP port number is not used by other redirection services.

SSLVPN_CFG_IMCADDRESS

Message text	Configured the IP address [STRING] port number [STRING] and VPN instance [STRING] of the iMC server in context [STRING].
Variable fields	$1: IP address of the IMC server for SMS message authentication. $2: Port number of the IMC server. $3: VPN instance to which the IMC server belongs. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IMCADDRESS: Configured the IP address 10.10.1.1 port number 8080 and VPN instance vpn1 of the iMC server in context ctx1.
Explanation	An IMC server for SMS message authentication was configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IMCADDRESS_FAILED

Message text	Failed to configure the IP address [STRING] port number [STRING] and VPN instance [STRING] of the IMC server in context [STRING].
Variable fields	$1: IP address of the IMC server for SMS message authentication. $2: Port number of the IMC server for SMS message authentication. $3: VPN instance to which the IMC server belongs. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IMCADDRESS_FAILED: Failed to configure the IP address 10.10.1.1 port number 8080 and VPN instance vpn1 of the IMC server in context ctx1.
Explanation	Failed to configure an IMC server for SMS message authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPAC_WEBRESPUSH

Message text	Enabled automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPAC_WEBRESPUSH: Enabled automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Enabled automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context..
Recommended action	No action is required.

SSLVPN_CFG_IPAC_WEBRESPUSH_FAIL

Message text	Failed to enable automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPAC_WEBRESPUSH_FAIL: Failed to enable automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Failed to enable automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPCLIENT_AUTOACT

Message text	Enabled automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPCLIENT_AUTOACT: Enabled automatic IP access client startup after Web login in context ctx.
Explanation	Enabled automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPCLIENT_AUTOACT_FAIL

Message text	Failed to enable automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPCLIENT_AUTOACT_FAIL: Failed to enable automatic IP access client startup after Web login in context ctx.
Explanation	Failed to enable automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPTNL_RATE-LIMIT

Message text	Set the IP tunnel [STRING] rate limit to [UINT32] [STRING] in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: Rate limit value. $3: Unit of mesurement for the rate limit: · kbps. · pps. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT: Set the IP tunnel upstream rate limit to 1000 kbps in context ctx. SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT: Set the IP tunnel downstream rate limit to 1000 pps in context ctx.
Explanation	Set a rate limit for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CFG_IPTNL_RATE-LIMIT_FAIL

Message text	Failed to set the IP tunnel [STRING] rate limit to [UINT32] [STRING] in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: Rate limit value. $3: Unit of mesurement for the rate limit: · kbps. · pps. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT_FAIL: Failed to set the IP tunnel upstream rate limit to 1000 kbps in context ctx. SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT_FAIL: Failed to set the IP tunnel downstream rate limit to 1000 pps in context ctx.
Explanation	Failed to set a rate limit for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CFG_IPTUNNELPOOL

Message text	Specified address-pool [STRING] mask [STRING] in context [STRING].
Variable fields	$1: Name of the address pool. $2: Mask length or mask of the address pool. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTUNNELPOOL: Specified address-pool pool1 mask 255.255.255.0 in context ctx.
Explanation	An address pool for IP access was specified in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPTUNNELPOOL_FAILED

Message text	Failed to specify address-pool [STRING] mask [STRING] in context [STRING]
Variable fields	$1: Name of the address pool. $2: Mask length or mask of the address pool. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTUNNELPOOL_FAILED: Failed to specify address-pool pool1 mask 255.255.255.0 in context ctx.
Explanation	Failed to specify an address pool for IP address in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_KEEPALIVE

Message text	Configured IP Tunnel keepalive interval [STRING] seconds in context [STRING].
Variable fields	$1: Keepalive interval in seconds. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_KEEPALIVE: Configured IP Tunnel keepalive interval 50 seconds in context ctx.
Explanation	The keepalive interval for IP access was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_KEEPALIVE_FAILED

Message text	Failed to configure IP Tunnel keepalive interval [STRING] seconds in context [STRING]
Variable fields	$1: Keepalive interval in seconds. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_KEEPALIVE_FAILED: Failed to configure IP Tunnel keepalive interval 50 seconds in context ctx.
Explanation	Failed to set the keepalive interval for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_LOCALPORT

Message text	Configured port forwarding instance local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service. $5: Description of the port forwarding instance. This field is not displayed if no description is configured. $6: Name of the port forwarding item for which the port forwarding instance is configured. $7: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOCALPORT: Configured port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 for port forwarding item pfitem1 in context ctx. · SSLVPN/6/SSLVPN_CFG_LOCALPORT: Configured port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 description http for port forwarding item pfitem1 in context ctx.
Explanation	A port forwarding instance was configured for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_LOCALPORT_FAILED

Message text	Failed to configure port forwarding instance local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] for port forwarding item [STRING] in context [STRING]
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service $5: Description of the port forwarding instance. This field is not displayed if no description is configured. $6: Name of the port forwarding item for which the port forwarding instance is configured. $7: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOCALPORT_FAILED: Failed to configure port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 for port forwarding item pfitem1 in context ctx. · SSLVPN/6/SSLVPN_CFG_LOCALPORT_FAILED: Failed to configure port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 description http for port forwarding item pfitemt1 in context ctx.
Explanation	Failed to configure a port forwarding instance for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_LOGINMESSAGE

Message text	Configured SSL VPN [STRING] login message [STRING] in context [STRING].
Variable fields	$1: Language used on the login page, English or Chinese. $2: Welcome message on the login page. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_LOGINMESSAGE: Configured SSL VPN English login message Welcome in context ctx1.
Explanation	A login welcome message was configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_LOGINMESSAGE_FAILED

Message text	Failed to configure SSL VPN [STRING] login message [STRING] in context [STRING]
Variable fields	$1: Language used on the login page, English or Chinese. $2: Login welcome message on the login page. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_LOGINMESSAGE_FAILED: Failed to configure SSL VPN English login message Welcome in context ctx1.
Explanation	Failed to configure the login welcome message in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_LOGO

Message text	Configured SSL VPN logo [STRING] [STRING] in context [STRING].
Variable fields	$1: If a logo is configured, this field displays file. If no logo is configured, this field displays none. $2: Log file name. This field is not displayed if the $1 field displays none. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOGO: Configured SSL VPN logo file 1.jpg in context ctx1. · SSLVPN/6/SSLVPN_CFG_LOGO: Configured SSL VPN logo none in context ctx1.
Explanation	A logo to be displayed on SSL VPN webpages was specified.
Recommended action	No action is required.

SSLVPN_CFG_LOGO_FAILED

Message text	Failed to configure SSL VPN logo [STRING] [STRING] in context [STRING]
Variable fields	$1: If a logo is configured, this field displays file. If no logo is configured, this field displays none. $2: Log file name. This field is not displayed if $1 displays none. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOGO_FAILED: Failed to configure SSL VPN logo file 1.jpg in context ctx1. · SSLVPN/6/SSLVPN_CFG_LOGO_FAILED: Failed to configure SSL VPN logo none in context ctx1.
Explanation	Failed to specify a logo to be displayed on SSL VPN webpages.
Recommended action	Verify that the size of the logo file does not exceed the maximum file size limit.

SSLVPN_CFG_MAXONLINES

Message text	Set the maximum number of concurrent connections to [STRING] for each SSL VPN user in context [STRING].
Variable fields	$1: Maximum number of concurrent connections for each SSL VPN user. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXONLINES: Set the maximum number of concurrent connections to 50 for each SSL VPN user in context ctx1.
Explanation	The maximum number of concurrent connections for each SSL VPN user was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MAXONLINES_FAILED

Message text	Failed to set maximum number of concurrent connections to [STRING] for each SSL VPN user in context [STRING].
Variable fields	$1: Maximum concurrent connections for each SSL VPN user. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXONLINES_FAILED: Failed to set maximum number of concurrent connections to 50 for each SSL VPN user in context ctx1.
Explanation	Failed to set the maximum number of concurrent connections for each SSL VPN user in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MAXUSERS

Message text	Set the maximum number of sessions to [STRING] in context [STRING].
Variable fields	$1: Maximum number of sessions supported in an SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXUSERS: Set the maximum number of sessions to 500 in context ctx1.
Explanation	The maximum number of supported sessions was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MAXUSERS_FAILED

Message text	Failed to set maximum number of sessions to [STRING] in context [STRING]
Variable fields	$1: Maximum number of sessions supported in an SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXUSERS_FAILED: Failed to set maximum number of sessions to 500 in context ctx1.
Explanation	Failed to set the maximum number of supported sessions in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MSGSERVER

Message text	Specified message server address [STRING] and port [STRING] in context [STRING].
Variable fields	$1: Host name or IPv4 address of the message server. $2: Port number of the message server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_MSGSERVER: Specified message server address 10.10.1.1 and port 8000 in context ctx1. · SSLVPN/6/SSLVPN_CFG_MSGSERVER: Specified message server address host and port 8000 in context ctx1.
Explanation	A message server was specified for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MSGSERVER_FAILED

Message text	Failed to specify message server address [STRING] and port [STRING] in context [STRING]
Variable fields	$1: Host name or IPv4 address of the message server. $2: Port number of the message server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_MSGSERVER_FAILED: Failed to specify message server address 10.10.1.1 and port 8000 in context ctx1. · SSLVPN/6/SSLVPN_CFG_MSGSERVER_FAILED: Failed to specify message server address host and port 8000 in context ctx1.
Explanation	Failed to specify a message server for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_PFWDEXECUTION

Message text	Configured script [STRING] for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Script of the resource for a port forwarding item. $2: Port forwarding item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_PFWDEXECUTION: Configured script url('http://127.0.0.1') for port forwarding item pfitem1 in context ctx.
Explanation	A resource was configured for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_PFWDEXECUTION_FAILED

Message text	Failed to configure script [STRING] for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Script of the resource for a port forwarding item. $2: Port forwarding item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_PFWDEXECUTION_FAILED: Failed to configure script url('http://127.0.0.1') for port forwarding item pfitem1 in context ctx.
Explanation	Failed to configure a resource path for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_SCUTEXECUTION

Message text	Configured script [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Script of the resource associated with a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SCUTEXECUTION: Configured script url('http://10.0.0.1') for shortcut shortcut1 in context ctx.
Explanation	A resource was associated with a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SCUTEXECUTION_FAILED

Message text	Failed to configure script [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Script of the resource associated with a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SCUTEXECUTION_FAILED: Failed to configure script url('http://10.0.0.1') for shortcut shortcut1 in context ctx.
Explanation	Failed to associate a resource with a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SHORTCUTDESC

Message text	Configured description [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Description of a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SHORTCUTDESC: Configured description shortcut shortcut1 for shortcut shortcut1 in context ctx.
Explanation	A description was configured for a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SHORTCUTDESC_FAILED

Message text	Failed to configure description [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Description of a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SHORTCUTDESC_FAILED: Failed to configure description shortcut shortcut1 for shortcut shortcut1 in context ctx.
Explanation	Failed to configure a description for a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SSLCLIENT

Message text	Specified SSL client policy [STRING] for context [STRING].
Variable fields	$1: SSL client policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLCLIENT: Specified SSL client policy ssl for context ctx1.
Explanation	An SSL client policy was specified for an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_SSLCLIENT_FAILED

Message text	Failed to specify SSL client policy [STRING] for context [STRING].
Variable fields	$1: SSL client policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLCLIENT_FAILED: Failed to specify SSL client policy ssl for context ctx1.
Explanation	Failed to specify an SSL client policy for an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_SSLSERVER

Message text	Specified SSL server policy [STRING] for gateway [STRING].
Variable fields	$1: SSL server policy name. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLSERVER: Specified SSL server policy ssl for gateway gw1.
Explanation	An SSL server policy was specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_SSLSERVER_FAILED

Message text	Failed to specify SSL server policy [STRING] for gateway [STRING]
Variable fields	$1: SSL server policy name. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLSERVER_FAILED: Failed to specify SSL server policy ssl for gateway gw1.
Explanation	Failed to specify an SSL server policy for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_TIMEOUTIDLE

Message text	Configured session idle timeout to [STRING] minutes in context [STRING].
Variable fields	$1: Idle timeout timer for SSL VPN sessions. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TIMEOUTIDLE: Configured session idle timeout to 50 minutes in context ctx1.
Explanation	The idle timeout timer for SSL VPN sessions was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TIMEOUTIDLE_FAILED

Message text	Failed to configure session idle timeout to [STRING] minutes in context [STRING]
Variable fields	$1: Idle timeout timer for SSL VPN sessions. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TIMEOUTIDLE_FAILED: Failed to configure session idle timeout to 50 minutes in context ctx1.
Explanation	Failed to set the idle timeout timer for SSL VPN sessions in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TITLE

Message text	Configured SSL VPN page [STRING] title [STRING] in context [STRING].
Variable fields	$1: Language used on the login page, English or Chinese. $2: Title displayed on SSL VPN webpages. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TITLE: Configured SSL VPN page English title Mytitle in context ctx1.
Explanation	The title to be displayed on SSL VPN webpages was configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TITLE_FAILED

Message text	Failed to configure SSL VPN page [STRING] title [STRING] in context [STRING]
Variable fields	$1: Language used on the login page, English or Chinese. $2: Title displayed on SSL VPN webpages. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TITLE_FAILED: Failed to configure SSL VPN page English title Mytitle in context ctx1.
Explanation	Failed to configure the title to be displayed on SSL VPN webpages in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TRAFFICTHRESHOLD

Message text	Set the idle-cut traffic threshold to [STRING] Kilobytes in context [STRING].
Variable fields	$1: Idle-cut traffic threshold value. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TRAFFICTHRESHOLD: Set the idle-cut traffic threshold to 100 Kilobytes in context ctx1.
Explanation	The SSL VPN session idle-cut traffic threshold was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TRAFFICTHRESHOLD_FAIL

Message text	Failed to set the idle-cut traffic threshold to [STRING] Kilobytes in context [STRING].
Variable fields	$1: Idle-cut traffic threshold value. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TRAFFICTHRESHOLD_FAIL: Failed to set the idle-cut traffic threshold to 100 Kilobytes in context ctx1.
Explanation	Failed to set the SSL VPN session idle-cut traffic threshold in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_URLLISTHEAD

Message text	Configured heading [STRING] for URL-list [STRING] in context [STRING].
Variable fields	$1: URL list heading name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_URLLISTHEAD: Configured heading urlhead for URL-list urllist in context ctx1.
Explanation	A heading was configured for a URL list.
Recommended action	No action is required.

SSLVPN_CFG_URLLISTHEAD_FAILED

Message text	Failed to configure heading [STRING] for URL-list [STRING] in context [STRING]
Variable fields	$1: URL list heading name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_URLLISTHEAD_FAILED: Failed to configure heading urlhead for URL-list urllist in context ctx1.
Explanation	Failed to configure a heading for a URL list.
Recommended action	No action is required.

SSLVPN_CFG_WINSSERVER

Message text	Specified [STRING] WINS server [STRING] in context [STRING].
Variable fields	$1: WINS server type, primary or secondary. $2: IPv4 address of the WINS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_WINSSERVER: Specified primary WINS server primary 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_WINSSERVER: Specified secondary WINS server secondary 1.1.1.2 in context ctx.
Explanation	A WIN server for IP access was specified in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_WINSSERVER_FAILED

Message text	Failed to specify [STRING] WINS server [STRING] in context [STRING]
Variable fields	$1: WINS server type, primary or secondary. $2: IPv4 address of the WINS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_WINSSERVER_FAILED: Failed to specify primary WINS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_WINSSERVER_FAILED: Failed to specify secondary WINS server 1.1.1.2 in context ctx.
Explanation	Failed to specify a WINS server for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_AAADOMAIN

Message text	Deleted the AAA domain specified for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AAADOMAIN: Deleted the AAA domain specified for context ctx1.
Explanation	The ISP domain configuration was removed from an SSL VPN context. The SSL VPN context will use the default ISP domain for authentication, authorization, and accounting of SSL VPN users.
Recommended action	No action is required.

SSLVPN_CLR_AAADOMAIN_FAILED

Message text	Failed to delete the AAA domain specified for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AAADOMAIN_FAILED: Failed to delete the AAA domain specified for context ctx1.
Explanation	Failed to remove the ISP domain configuration from an SSL VPN context. The SSL VPN context still uses the specified ISP domain for authentication, authorization, and accounting of SSL VPN users.
Recommended action	No action is required.

SSLVPN_CLR_AUTHMODE

Message text	Configured authentication use all in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AUTHMODE: Configured authentication use all in context 2.
Explanation	The authentication mode of an SSL VPN context was set to all. A user must pass all enabled authentication methods to log in to the SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_AUTHMODE_FAILED

Message text	Failed to configure authentication use all in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AUTHMODE_FAILED: Failed to configure authentication use all in context 2.
Explanation	Failed to specify the authentication mode of an SSL VPN context as all, which indicates that a user must pass all enabled authentication methods to log in to the SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_BINDIP

Message text	Deleted IP address binding configuration for user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_BINDIP: Deleted IP address binding configuration for user user1 in context ctx1.
Explanation	The IP address binding configuration was deleted for an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CLR_BINDIP_FAILED

Message text	Failed to delete IP address binding configuration for user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_BINDIP_FAILED: Failed to delete IP address binding configuration for user user1 in context ctx1.
Explanation	Failed to delete the IP address binding configuration for an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CLR_CERTATTRIBUTE

Message text	Specified the attribute cn as the certificate user name in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CERTATTRIBUTE: Specified the attribute cn as the certificate user name in context ctx1.
Explanation	The CN attribute of the certificate was specified as the SSL VPN username.
Recommended action	No action is required.

SSLVPN_CLR_CERTATTRIBUTE_FAILED

Message text	Failed to specify the attribute cn as the certificate user name in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CERTATTRIBUTE_FAILED: Failed to specify the attribute cn as the certificate user name in context ctx1.
Explanation	Failed to specify the CN attribute of the certificate as the SSL VPN username.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXT_USERMAX

Message text	The SSLVPN user maximum of context [STRING] ([UINT32]) is changed to default.
Variable fields	$1: Context ID. $2: Maximum number of SSL VPN users in the SSL VPN context.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXT_USERMAX: The SSLVPN user maximum of context 2 is changed to default.
Explanation	The maximum number of SSL VPN users configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXT_USERMAX_FAILED

Message text	Failed to delete the maximum number of SSL VPN users in context [STRING] ([UINT32]).
Variable fields	$1: Context ID.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXT_USERMAX_FAILED: Failed to delete the maximum number of SSL VPN users in context 2.
Explanation	Failed to remove the maximum number of SSL VPN users configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXTVPN

Message text	Deleted the associated VPN instance in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXTVPN: Deleted the associated VPN instance in context ctx1.
Explanation	The association between an SSL VPN context and a VPN instance was removed.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXTVPN_FAILED

Message text	Failed to delete the associated VPN instance in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXTVPN_FAILED: Failed to delete the associated VPN instance in context ctx1.
Explanation	Failed to remove the association between an SSL VPN context and a VPN instance.
Recommended action	No action is required.

SSLVPN_CLR_CTXGATEWAY

Message text	Deleted gateway in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CTXGATEWAY: Deleted gateway in context ctx1.
Explanation	An SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_CLR_CTXGATEWAY_FAILED

Message text	Failed to delete gateway in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CTXGATEWAY_FAILED: Failed to delete gateway in context ctx1.
Explanation	Failed to delete an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_DEFAULT_PGROUP

Message text	Deleted default-policy-group in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_DEFAULT_PGROUP: Deleted default-policy-group in context ctx1.
Explanation	The default policy group configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_DEFAULT_PGROUP_FAILED

Message text	Failed to delete default-policy-group in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_DEFAULT_PGROUP_FAILED: Failed to delete default-policy-group in context ctx1.
Explanation	Failed to remove the default policy group configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_DNSSERVER

Message text	Deleted [STRING] DNS server in context [STRING].
Variable fields	$1: DNS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_DNSSERVER: Deleted primary DNS server in context ctx. · SSLVPN/6/SSLVPN_CLR_DNSSERVER: Deleted secondary DNS server in context ctx.
Explanation	The DNS server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_DNSSERVER_FAILED

Message text	Failed to delete [STRING] DNS server in context [STRING]
Variable fields	$1: DNS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_DNSSERVER_FAILED: Failed to delete primary DNS server in context ctx. · SSLVPN/6/SSLVPN_CLR_DNSSERVER_FAILED: Failed to delete secondary DNS server in context ctx.
Explanation	Failed to remove the DNS server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_EMOSERVER

Message text	Deleted EMO server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_EMOSERVER: Deleted emo-server in context ctx1.
Explanation	The Endpoint Mobile Office (EMO) server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_EMOSERVER_FAILED

Message text	Failed to delete EMO server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_EMOSERVER_FAILED: Failed to delete EMO server in context ctx1.
Explanation	Failed to remove the Endpoint Mobile Office (EMO) server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_GATEWAYVPN

Message text	Deleted VPN instance for gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GATEWAYVPN: Deleted VPN instance for gateway gw1.
Explanation	The VPN instance configuration was removed for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_GATEWAYVPN_FAILED

Message text	Failed to delete VPN instance for gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GATEWAYVPN_FAILED: Failed to delete VPN instance for gateway gw1.
Explanation	Failed to remove the VPN instance configuration for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_GWIPADDRESS

Message text	Deleted IP address of gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPADDRESS: Deleted IP address of gateway gw1.
Explanation	The IP address of an SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_CLR_GWIPADDRESS_FAILED

Message text	Failed to delete IP address of gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPADDRESS_FAILED: Failed to delete IP address of gateway gw1.
Explanation	Failed to delete the IP address of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_GWIPV6ADDRESS

Message text	Deleted IPv6 address of gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPV6ADDRESS: Deleted IPv6 address of gateway gw1.
Explanation	The IPv6 address of an SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_CLR_GWIPV6ADDRESS_FAILED

Message text	Failed to delete IPv6 address of gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPV6ADDRESS_FAILED: Failed to delete IPv6 address of gateway gw1.
Explanation	Failed to delete the IPv6 address of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_HTTPREDIRECT

Message text	Disabled HTTP-redirect in gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_HTTPREDIRECT: Disabled HTTP-redirect in gateway gw.
Explanation	HTTP redirection was disabled for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_HTTPREDIRECT_FAILED

Message text	Failed to disable HTTP-redirect in gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_HTTPREDIRECT_FAILED: Failed to disable HTTP-redirect in gateway gw.
Explanation	Failed to disable HTTP redirection for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_IMCADDRESS

Message text	Deleted the IP address of the iMC server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IMCADDRESS: Deleted the IP address of the iMC server in context ctx1.
Explanation	The IMC server configuration for SMS message authentication was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IMCADDRESS_FAILED

Message text	Failed to delete the IP address of the iMC server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IMCADDRESS_FAILED: Failed to delete the IP address of the iMC server in context ctx1.
Explanation	Failed to remove the IMC server configuration for SMS message authentication from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPAC_WEBRESPUSH

Message text	Disabled automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPAC_WEBRESPUSH: Disabled automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Disabled automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPAC_WEBRESPUSH_FAIL

Message text	Failed to disable automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPAC_WEBRESPUSH_FAIL: Failed to disable automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Failed to disable automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPCLIENT_AUTOACT

Message text	Disabled automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPCLIENT_AUTOACT: Disabled automatic IP access client startup after Web login in context ctx.
Explanation	Disabled automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPCLIENT_AUTOACT_FAIL

Message text	Failed to disable automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPCLIENT_AUTOACT_FAIL: Failed to disable automatic IP access client startup after Web login in context ctx.
Explanation	Failed to disable automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPTNL_RATE-LIMIT

Message text	Deleted the rate limit configuration for IP tunnel [STRING] traffic in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT: Deleted the rate limit configuration for IP tunnel upstream traffic in context ctx. SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT: Deleted the rate limit configuration for IP tunnel downstream traffic in context ctx.
Explanation	Deleted the rate limit setting for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CLR_IPTNL_RATE-LIMIT_FAIL

Message text	Failed to delete the rate limit configuration for IP tunnel [STRING] traffic in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT_FAIL: Failed to delete the rate limit configuration for IP tunnel upstream traffic in context ctx. SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT_FAIL: Failed to delete the rate limit configuration for IP tunnel downstream traffic in context ctx.
Explanation	Failed to delete the rate limit setting for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CLR_IPTUNNELPOOL

Message text	Deleted address-pool in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTUNNELPOOL: Deleted address-pool in context ctx.
Explanation	The IP access address pool configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPTUNNELPOOL_FAILED

Message text	Failed to delete address-pool in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTUNNELPOOL_FAILED: Failed to delete address-pool in context ctx.
Explanation	Failed to remove the IP access address pool configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_LOCALPORT

Message text	Deleted the port forwarding instance used by port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOCALPORT: Deleted the port forwarding instance used by port forwarding item pfitem1 in context ctx.
Explanation	The port forwarding instance used by a port forwarding item was deleted.
Recommended action	No action is required.

SSLVPN_CLR_LOCALPORT_FAILED

Message text	Failed to delete the port forwarding instance used by port forwarding item [STRING] in context [STRING]
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOCALPORT_FAILED: Failed to delete the port forwarding instance used by port forwarding item pfitem1 in context ctx.
Explanation	Failed to delete the port forwarding instance used by a port forwarding item.
Recommended action	No action is required.

SSLVPN_CLR_LOGO

Message text	Configured SSL VPN logo H3C in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOGO: Configured SSL VPN logo H3C in context ctx1.
Explanation	The logo to be displayed on SSL VPN webpages was set to H3C.
Recommended action	No action is required.

SSLVPN_CLR_LOGO_FAILED

Message text	Failed to configure SSL VPN logo H3C in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOGO_FAILED: Failed to configure SSL VPN logo H3C in context ctx1.
Explanation	Failed to set the logo to be displayed on SSL VPN webpages to H3C.
Recommended action	No action is required.

SSLVPN_CLR_MSGSERVER

Message text	Deleted message server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_MSGSERVER: Deleted message server in context ctx1.
Explanation	The message server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_MSGSERVER_FAILED

Message text	Failed to delete message server in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_MSGSERVER_FAILED: Failed to delete message server in context ctx1.
Explanation	Failed to remove the message server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_PFWDEXECUTION

Message text	Deleted the script for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_PFWDEXECUTION: Deleted the script for port forwarding item pfitem1 in context ctx.
Explanation	The resource specified for a port forwarding item was deleted.
Recommended action	No action is required.

SSLVPN_CLR_PFWDEXECUTION_FAILED

Message text	Failed to delete the script for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_PFWDEXECUTION_FAILED: Failed to delete the script for port forwarding item pfitem1 in context ctx.
Explanation	Failed to delete the resource specified for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CLR_SCUTDESCRIPTION

Message text	Deleted the description for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTDESCRIPTION: Deleted the description for shortcut shortcut1 in context ctx.
Explanation	The description configured for shortcut was deleted.
Recommended action	No action is required.

SSLVPN_CLR_SCUTDESCRIPTION_FAILED

Message text	Failed to delete the description for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTDESCRIPTION_FAILED: Failed to delete the description for shortcut shortcut1 in context ctx.
Explanation	Failed to delete the description configured for a shortcut.
Recommended action	No action is required.

SSLVPN_CLR_SCUTEXECUTION

Message text	Deleted the script for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTEXECUTION: Deleted the script for shortcut shortcut1 in context ctx.
Explanation	The association between a resource and a shortcut was deleted.
Recommended action	No action is required.

SSLVPN_CLR_SCUTEXECUTION_FAILED

Message text	Failed to delete the script for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTEXECUTION_FAILED: Failed to delete the script for shortcut shortcut1 in context ctx.
Explanation	Failed to delete the association between a resource and a shortcut.
Recommended action	No action is required.

SSLVPN_CLR_SSLCLIENT

Message text	Deleted the SSL client policy specified for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLCLIENT: Deleted the SSL client policy specified for context ctx1.
Explanation	The SSL client policy configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_SSLCLIENT_FAILED

Message text	Failed to delete SSL client policy for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLCLIENT_FAILED: Failed to delete SSL client policy for context ctx1.
Explanation	Failed to remove the SSL client policy configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_SSLSERVER

Message text	Deleted the SSL server policy specified for gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLSERVER: Deleted the SSL server policy specified for gateway gw1.
Explanation	The SSL server policy configuration was removed for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_SSLSERVER_FAILED

Message text	Failed to delete SSL server policy for gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLSERVER_FAILED: Failed to delete SSL server policy for gateway gw1.
Explanation	Failed to remove the SSL server policy configuration for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_TRAFFICTHRESHOLD

Message text	Deleted the idle-cut traffic threshold in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_TRAFFICTHRESHOLD: Deleted the idle-cut traffic threshold in context ctx1.
Explanation	Removed the SSL VPN session idle-cut traffic threshold setting in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_TRAFFICTHRESHOLD_FAIL

Message text	Failed to delete the idle-cut traffic threshold in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_TRAFFICTHRESHOLD_FAIL: Failed to delete the idle-cut traffic threshold in context ctx1.
Explanation	Failed to remove the SSL VPN session idle-cut traffic threshold setting in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_WINSSERVER

Message text	Deleted [STRING] WINS server in context [STRING].
Variable fields	$1: WINS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_WINSSERVER: Deleted primary WINS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CLR_WINSSERVER: Deleted secondary WINS server 1.1.1.2 in context ctx.
Explanation	The WINS server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_WINSSERVER_FAILED

Message text	Failed to delete [STRING] WINS server in context [STRING]
Variable fields	$1: WINS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_WINSSERVER_FAILED: Failed to delete primary WINS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CLR_WINSSERVER_FAILED: Failed to delete secondary WINS server 1.1.1.2 in context ctx.
Explanation	Failed to remove the WINS server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_CONTENT_TYPE

Message text	Deleted the content type configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTENT_TYPE: Deleted the content type configuration for file policy fp1 in context ctx1.
Explanation	The content type configuration was deleted for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_CONTENT_TYPE_FAILED

Message text	Failed to delete the content type configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTENT_TYPE_FAILED: Failed to delete the content type configuration for file policy fp1 in context ctx1.
Explanation	Failed to delete the content type configuration for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_CONTEXT

Message text	Deleted SSL VPN context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTEXT: Deleted SSL VPN context ctx1.
Explanation	An SSL VPN context was deleted.
Recommended action	No action is required.

SSLVPN_DEL_CONTEXT_FAILED

Message text	Failed to delete SSL VPN context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTEXT_FAILED: Failed to delete SSL VPN context ctx1.
Explanation	Failed to delete an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_EXCROUTEITEM

Message text	Deleted exclude route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_EXCROUTEITEM: Deleted exclude route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	An exclude route was removed from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_EXCROUTEITEM_FAILED

Message text	Failed to delete exclude route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_EXCROUTEITEM_FAILED: Failed to delete exclude route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	Failed to remove an exclude route from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_FILEPOLICY

Message text	Deleted file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_FILEPOLICY: Deleted file policy fp1 in context ctx1.
Explanation	A file policy was deleted.
Recommended action	No action is required.

SSLVPN_DEL_FILEPOLICY_FAILED

Message text	Failed to delete file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_FILEPOLICY_FAILED: Failed to delete file policy fp1 in context ctx1.
Explanation	Failed to delete a file policy.
Recommended action	No action is required.

SSLVPN_DEL_GATEWAY

Message text	Deleted SSL VPN gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_GATEWAY: Deleted SSL VPN gateway gw1.
Explanation	An SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_DEL_GATEWAY_FAILED

Message text	Failed to delete SSL VPN gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_GATEWAY_FAILED: Failed to delete SSL VPN gateway gw1.
Explanation	Failed to delete an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_DEL_INCROUTEITEM

Message text	Deleted inlcude route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_INCROUTEITEM: Deleted include route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	An include route was removed from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_INCROUTEITEM_FAILED

Message text	Failed to delete include route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_INCROUTEITEM_FAILED: Failed to delete include route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	Failed to remove an include route from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_IPADDRESSPOOL

Message text	Deleted IP address pool [STRING].
Variable fields	$1: Name of the IP address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPADDRESSPOOL: Deleted IP address pool pool1.
Explanation	An address pool was deleted.
Recommended action	No action is required.

SSLVPN_DEL_IPADDRESSPOOL_FAILED

Message text	Failed to delete IP address pool [STRING]
Variable fields	$1: Name of the IP address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPADDRESSPOOL_FAILED: Failed to delete IP address pool pool1.
Explanation	Failed to delete an address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPTUNNELACIF

Message text	Deleted SSL VPN AC interface in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPTUNNELACIF: Deleted SSL VPN AC interface in context ctx.
Explanation	The SSL VPN AC interface configuration for IP access was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_IPTUNNELACIF_FAILED

Message text	Failed to delete SSL VPN AC interface in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPTUNNELACIF_FAILED: Failed to delete SSL VPN AC interface in context ctx.
Explanation	Failed to remove the SSL VPN AC interface configuration for IP access from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_IPV4_RANGE

Message text	Deleted the IPv4 address range of SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV4_RANGE: Deleted IPv4 address range of SNAT pool sp1.
Explanation	The IPv4 address range configuration was removed for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPV4_RANGE_FAILED

Message text	Failed to delete the IPv4 address range of SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV4_RANGE_FAILED: Failed to delete IPv4 address range of SNAT pool sp1.
Explanation	Failed to remove the IPv4 address range configuration for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPV6_RANGE

Message text	Deleted IPv6 address range of SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV6_RANGE: Deleted IPv6 address range of SNAT pool sp1.
Explanation	The IPv6 address range configuration was removed for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPV6_RANGE_FAILED

Message text	Failed to delete IPv6 address range of SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV6_RANGE_FAILED: Failed to delete IPv6 address range of SNAT pool sp1.
Explanation	Failed to remove the IPv6 address range configuration for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_LOCALPORT

Message text	Deleted port forwarding entry local-port [STRING] local-name [STRING] in port forwarding list [STRING] in context [STRING].
Variable fields	$1: Local port number. $2: Local address or local host name. $3: Port forwarding list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_LOCALPORT: Deleted port forwarding entry local-port 80 local-name 127.0.0.1 in port forwarding list pflist1 in context ctx.
Explanation	A port forwarding entry was deleted from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_LOCALPORT_FAILED

Message text	Failed to delete port forwarding entry local-port [STRING] local-name [STRING] in port forwarding list [STRING] in context [STRING]
Variable fields	$1: Local port number. $2: Local address or local host name. $3: Port forwarding list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_LOCALPORT_FAILED: Failed to delete port forwarding entry local-port 80 local-name 127.0.0.1 in port forwarding list pflist1 in context ctx.
Explanation	Failed to delete a port forwarding entry from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_NEWCONTENT

Message text	Deleted the new content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_NEWCONTENT: Deleted the new content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	The new content configuration was deleted for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_NEWCONTENT_FAILED

Message text	Failed to delete the new content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_NEWCONTENT_FAILED: Failed to delete the new content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to delete the new content configuration for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_OLDCONTENT

Message text	Deleted the old content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_OLDCONTENT: Deleted the old content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	The old content configuration was deleted for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_OLDCONTENT_FAILED

Message text	Failed to delete the old content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_OLDCONTENT_FAILED: Failed to delete the old content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to delete the old content configuration for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD

Message text	Deleted port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD: Deleted port forwarding list pf in context ctx1.
Explanation	A port forwarding list was deleted from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD_FAILED

Message text	Failed to delete port forwarding list [STRING] in context [STRING]
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD_FAILED: Failed to delete port forwarding list pf in context ctx1.
Explanation	Failed to delete a port forwarding list from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD_ITEM

Message text	Deleted port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD_ITEM: Deleted port forwarding item pfitem in context ctx1.
Explanation	A port forwarding item was deleted.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD_ITEM_FAILED

Message text	Failed to delete port forwarding item [STRING] in context [STRING]
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD_ITEM_FAILED: Failed to delete port forwarding item pfitem in context ctx1.
Explanation	Failed to delete a port forwarding item.
Recommended action	No action is required.

SSLVPN_DEL_PYGROUP

Message text	Deleted policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PYGROUP: Deleted policy group pg in context ctx1.
Explanation	An SSL VPN policy group was deleted.
Recommended action	No action is required.

SSLVPN_DEL_PYGROUP_FAILED

Message text	Failed to delete policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PYGROUP_FAILED: Failed to delete policy group pg in context ctx1.
Explanation	Failed to delete an SSL VPN policy group.
Recommended action	Verify that the policy group is not being used by SSL VPN users.

SSLVPN_DEL_REFERIPACL

Message text	Deleted IP access filter in policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERIPACL: Deleted IP access filter in policy group pgroup in context ctx1.
Explanation	The IP access filtering configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERIPACL_FAILED

Message text	Failed to delete IP access filter in policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERIPACL_FAILED: Failed to delete IP access filter in policy group pgroup in context ctx1
Explanation	Failed to remove the IP access filtering configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERPFWDITEM

Message text	Removed port forwarding item [STRING] from port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPFWDITEM: Removed port forwarding item pfitem1 from port forwarding list pflist1 in context ctx1.
Explanation	A port forwarding item was removed from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_REFERPFWDITEM_FAILED

Message text	Failed to remove port forwarding item [STRING] from port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPFWDITEM_FAILED: Failed to remove port forwarding item pfitem1 from port forwarding list pflist1 in context ctx1.
Explanation	Failed to remove a port forwarding item from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_REFERPORTFWD

Message text	Deleted port forwarding list used by policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPORTFWD: Deleted port forwarding list used by policy-group pg in context ctx1.
Explanation	The port forwarding list configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERPORTFWD_FAILED

Message text	Failed to delete port forwarding list used by policy-group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPORTFWD_FAILED: Failed to delete port forwarding list used by policy-group pg in context ctx1.
Explanation	Failed to remove the port forwarding list configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERSCUTLIST

Message text	Removed shortcut list from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSCUTLIST: Removed shortcut list from policy group pg in context ctx1.
Explanation	A shortcut list was removed from an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERSCUTLIST_FAILED

Message text	Failed to remove shortcut list from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSCUTLIST_FAILED: Failed to remove shortcut list from policy group pg in context ctx1.
Explanation	Failed to remove a shortcut list from an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERSHORTCUT

Message text	Removed shortcut [STRING] from shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSHORTCUT: Removed shortcut shortcut1 from shortcut list scutlist1 in context ctx1.
Explanation	A shortcut was removed from a shortcut list.
Recommended action	No action is required.

SSLVPN_DEL_REFERSHORTCUT_FAILED

Message text	Failed to remove shortcut [STRING] from shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSHORTCUT_FAILED: Failed to remove shortcut shortcut1 from shortcut list scutlist1 in context ctx1.
Explanation	Failed to remove a shortcut from a shortcut list.
Recommended action	No action is required.

SSLVPN_DEL_REFERSNATPOOL

Message text	Deleted the SNAT pool used in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSNATPOOL: Deleted the SNAT pool used in context ctx1.
Explanation	The SNAT address pool configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_REFERSNATPOOL_FAILED

Message text	Failed to delete the SNAT pool used in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSNATPOOL_FAILED: Failed to delete the SNAT pool used in context cxt1.
Explanation	Failed to remove the SNAT address pool configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_REFERTCPACL

Message text	Deleted TCP access filter in policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERTCPACL: Deleted TCP access filter in policy group pgroup in context ctx1.
Explanation	The TCP access filtering configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERTCPACL_FAILED

Message text	Failed to delete TCP access filter in policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERTCPACL_FAILED: Failed to delete TCP access filter in policy group pgroup in context ctx1.
Explanation	Failed to remove the TCP access filtering configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURIACL

Message text	Deleted [STRING] access filter URI ACL from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access. · Web access. · TCP access. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURIACL: Deleted IP access filter URI ACL from policy group pgroup in context ctx1.
Explanation	The URI ACL used for IP, Web, or TCP access filtering was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURIACL_FAILED

Message text	Failed to delete [STRING] access filter URI ACL from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access. · Web access. · TCP access. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURIACL_FAILED: Failed to delete IP access filter URI ACL from policy group pgroup in context ctx1.
Explanation	Failed to remove the URI ACL used for IP, Web, or TCP access filtering from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLITEM

Message text	Deleted URL item [STRING] from URL list [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLITEM: Deleted URL item item1 from URL list list1 in context ctx1.
Explanation	Removed a URL item from a URL list.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLITEM_FAILED

Message text	Failed to delete URL item [STRING] from URL list [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLITEM_FAILED: Failed to delete URL item item1 from URL list list1 in context ctx1.
Explanation	Failed to remove a URL item from a URL list.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLLIST

Message text	Deleted URL list [STRING] used by policy-group [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLLIST: Deleted URL list urllist used by policy-group pg in context ctx1.
Explanation	A URL list was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLLIST_FAILED

Message text	Failed to delete URL list [STRING] used by policy-group [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLLIST_FAILED: Failed to delete URL list urllist used by policy-group pg in context ctx1.
Explanation	Failed to remove a URL list from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERWEBACL

Message text	Deleted Web access filter in policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERWEBACL: Deleted Web access filter in policy group pgroup in context ctx1.
Explanation	The Web access filtering configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERWEBACL_FAILED

Message text	Failed to delete Web access filter in policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERWEBACL_FAILED: Failed to delete Web access filter in policy group pgroup in context ctx1
Explanation	Failed to remove the Web access filtering configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REWRITE_RULE

Message text	Deleted rewrite rule [STRING] from file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REWRITE_RULE: Deleted rewrite rule rw from file policy fp in context ctx.
Explanation	A rewrite rule was deleted.
Recommended action	No action is required.

SSLVPN_DEL_REWRITE_RULE_FAILED

Message text	Failed to delete rewrite rule [STRING] from file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REWRITE_RULE_FAILED: Failed to delete rewrite rule rw from file policy fp in context ctx.
Explanation	Failed to delete a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_ROUTELIST

Message text	Deleted IP-route-list [STRING] in context [STRING].
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTELIST: Deleted IP-route-list rtlist in context ctx1.
Explanation	A route list was deleted from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_ROUTELIST_FAILED

Message text	Failed to delete IP-route-list [STRING] in context [STRING]
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTELIST_FAILED: Failed to delete IP-route-list rtlist in context ctx1.
Explanation	Failed to delete a route list from an SSL VPN context,
Recommended action	No action is required.

SSLVPN_DEL_ROUTEREFER

Message text	Deleted access routes [STRING] in policy-group [STRING] in context [STRING].
Variable fields	$1: The value can be force-all or null. The value of force-all means to delete the route entries forcibly. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTEREFER: Deleted access routes in policy-group pg in context ctx.
Explanation	Access routes were deleted from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_ROUTEREFER_FAILED

Message text	Failed to delete access routes [STRING] in policy-group [STRING] in context [STRING]
Variable fields	$1: The value can be force-all or null. The value of force-all means to delete the route entries forcibly. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTEREFER_FAILED: Failed to delete access routes in policy-group pg in context ctx.
Explanation	Failed to delete access routes from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_SERVERURL

Message text	Deleted URL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SERVERURL: Deleted URL www.abc.com from URL item item1 in context ctx1.
Explanation	Deleted the URL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_SERVERURL_FAILED

Message text	Failed to delete URL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SERVERURL_FAILED: Failed to delete URL www.abc.com from URL item item1 in context ctx1.
Explanation	Failed to delete the URL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUT

Message text	Deleted shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUT: Deleted shortcut shortcut1 in context ctx1.
Explanation	A shortcut was deleted.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUT_FAILED

Message text	Failed to delete shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUT_FAILED: Failed to delete shortcut shortcut1 in context ctx1.
Explanation	Failed to delete a shortcut.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUTLIST

Message text	Deleted shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUTLIST: Deleted shortcut list scutlist1 in context ctx1.
Explanation	A shortcut list was deleted.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUTLIST_FAILED

Message text	Failed to delete shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUTLIST_FAILED: Failed to delete shortcut list scutlist1 in context ctx1.
Explanation	Failed to delete a shortcut list.
Recommended action	No action is required.

SSLVPN_DEL_SNATPOOL

Message text	Deleted SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SNATPOOL: Deleted SSL VPN SNAT pool sp1.
Explanation	A SNAT address pool was deleted.
Recommended action	No action is required.

SSLVPN_DEL_SNATPOOL_FAILED

Message text	Failed to delete SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SNATPOOL_FAILED: Failed to delete SSL VPN SNAT pool sp1.
Explanation	Failed to delete a SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_URIACL

Message text	Deleted URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL: Deleted URI ACL uacl in context ctx1.
Explanation	A URI ACL was deleted.
Recommended action	No action is required.

SSLVPN_DEL_URIACL_FAILED

Message text	Failed to delete URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL_FAILED: Failed to delete URI ACL uacl in context ctx1.
Explanation	Failed to delete a URI ACL.
Recommended action	No action is required.

SSLVPN_DEL_URIACL_RULE

Message text	Deleted rule [UINT32] from URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL_RULE: Deleted rule 5 from URI ACL uacl in context ctx1.
Explanation	A rule was deleted from a URI ACL.
Recommended action	No action is required.

SSLVPN_DEL_URIACL_RULE_FAILED

Message text	Failed to delete rule [UINT32] from URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL_RULE_FAILED: Failed to delete rule 5 from URI ACL uacl in context ctx1.
Explanation	Failed to delete a rule from a URI ACL.
Recommended action	No action is required.

SSLVPN_DEL_URL

Message text	Deleted the URL configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URL: Deleted the URL configuration for file policy fp1 in context ctx1.
Explanation	The file URL configuration was deleted for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_URL_FAILED

Message text	Failed to delete the URL configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URL_FAILED: Failed to delete the URL configuration for file policy fp1 in context ctx1.
Explanation	Failed to delete the file URL configuration for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_URLITEM

Message text	Deleted URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLITEM: Deleted URL item item1 in context ctx1.
Explanation	Deleted a URL item.
Recommended action	No action is required.

SSLVPN_DEL_URLITEM_FAILED

Message text	Failed to delete URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLITEM_FAILED: Failed to delete URL item item1 in context ctx1.
Explanation	Failed to delete a URL item.
Recommended action	No action is required.

SSLVPN_DEL_URLLIST

Message text	Deleted URL list [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLLIST: Deleted URL list urllist in context ctx1.
Explanation	A URL list was deleted.
Recommended action	No action is required.

SSLVPN_DEL_URLLIST_FAILED

Message text	Failed to delete URL list [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLLIST_FAILED: Failed to delete URL list urllist in context ctx1.
Explanation	Failed to delete a URL list.
Recommended action	No action is required.

SSLVPN_DEL_URLMAPPING

Message text	Deleted URL mapping from URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLMAPPING: Deleted URL mapping from URL item item1 in context ctx1.
Explanation	Removed the URL mapping configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_URLMAPPING_FAILED

Message text	Failed to delete URL mapping from URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLMAPPING_FAILED: Failed to delete URL mapping from URL item item1 in context ctx1.
Explanation	Failed to remove the URL mapping configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_USER

Message text	Deleted user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_USER: Deleted user user1 in context ctx1.
Explanation	An SSL VPN user was deleted.
Recommended action	No action is required.

SSLVPN_DEL_USER_FAILED

Message text	Failed to delete user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_USER_FAILED: Failed to delete user user1 in context ctx1.
Explanation	Failed to delete an SSL VPN user.
Recommended action	No action is required.

SSLVPN_DISABLE_CONTEXT

Message text	Disabled service in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CONTEXT: Disabled service in context ctx1.
Explanation	An SSL VPN context was disabled.
Recommended action	No action is required.

SSLVPN_DISABLE_CONTEXT_FAILED

Message text	Failed to disable service in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CONTEXT_FAILED: Failed to disable service in context ctx1.
Explanation	Failed to disable an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_CRTAUTH

Message text	Disabled certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CRTAUTH: Disabled certificate-authentication in context ctx1.
Explanation	Certificate authentication was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_CRTAUTH_FAILED

Message text	Failed to disable certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CRTAUTH_FAILED: Failed to disable certificate-authentication in context ctx1.
Explanation	Failed to disable certificate authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_DYNAMICPWD

Message text	Disabled dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_DYNAMICPWD: Disabled dynamic-password in context ctx1.
Explanation	Dynamic password verification was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_DYNAMICPWD_FAILED

Message text	Failed to disable dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_DYNAMICPWD_FAILED: Failed to disable dynamic-password in context ctx1.
Explanation	Failed to disable dynamic password verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_GATEWAY

Message text	Disabled service in gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GATEWAY: Disabled service in gateway gw1.
Explanation	An SSL VPN gateway was disabled.
Recommended action	No action is required.

SSLVPN_DISABLE_GATEWAY_FAILED

Message text	Failed to disable service in gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GATEWAY_FAILED: Failed to disable service in gateway gw1.
Explanation	Failed to disable an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_DISABLE_GLOBAL_LOG

Message text	Disabled SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GLOBAL_LOG: Disabled SSL VPN logging globally.
Explanation	The SSL VPN global logging feature was disabled.
Recommended action	No action is required.

SSLVPN_DISABLE_GLOBAL_LOG_FAILED

Message text	Failed to disable SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GLOBAL_LOG_FAILED: Failed to disable SSL VPN logging globally.
Explanation	Failed to disable the SSL VPN global logging feature.
Recommended action	No action is required.

SSLVPN_DISABLE_GLOBALURLMASKING

Message text	Disabled global URL masking in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GLOBALURLMASKING: Disabled global URL masking in context ctx1.
Explanation	Disabled global URL masking in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_GLOBALURLMASKING_FAILED

Message text	Failed to disable global URL masking in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GLOBALURLMASKING_FAILED: Failed to disable global URL masking in context ctx1.
Explanation	Failed to disable global URL masking in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_IPTNL_LOG_FAIL

Message text	Failed to disable IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_IPTNL_LOG_FAIL: Failed to disable IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Failed to disable logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_DISABLE_IPTNL_LOG

Message text	Disabled IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_IPTNL_LOG: Disabled IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Disabled logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_DISABLE_PWDAUTH

Message text	Disabled password authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_PWDAUTH: Disabled password authentication in context ctx1.
Explanation	Disabled password authention in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_PWDAUTH_FAILED

Message text	Failed to disable password authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_PWDAUTH_FAILED: Failed to disable password authentication in context ctx1.
Explanation	Failed to disable password authention in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_SMSIMC

Message text	Disabled iMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_SMSIMC: Disabled iMC SMS message authentication in context ctx1.
Explanation	IMC SMS message authentication was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_SMSIMC_FAILED

Message text	Failed to disable iMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_SMSIMC_FAILED: Failed to disable iMC SMS message authentication in context ctx1.
Explanation	Failed to disable IMC SMS message authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_URLMASKING

Message text	Disabled URL masking for URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_URLMASKING: Disabled URL masking for URL item item1 in context ctx1.
Explanation	Disabled URL masking for a URL item.
Recommended action	No action is required.

SSLVPN_DISABLE_URLMASKING_FAILED

Message text	Failed to disable URL masking for URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_URLMASKING_FAILED: Failed to disable URL masking for URL item item1 in context ctx1.
Explanation	Failed to disable URL masking for a URL item.
Recommended action	No action is required.

SSLVPN_DISABLE_VERIFYCODE

Message text	Disabled code verification in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_VERIFYCODE: Disabled code verification in context ctx1.
Explanation	Code verification was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_VERIFYCODE_FAILED

Message text	Failed to disable code verification in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_VERIFYCODE_FAILED: Failed to disable code verification in context ctx1.
Explanation	Failed to disable code verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DOMAIN_URLMAPPING

Message text	Configured domain mapping for URL item [STRING] in context [STRING]: mapped domain name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped domain name. $4: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_DOMAIN_URLMAPPING: Configured domain mapping for URL item item1 in context ctx1: mapped domain name=www.abc.com, URL rewriting=enabled.
Explanation	Configured the domain mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_DOMAIN_URLMAPPING_FAILED

Message text	Failed to configure domain mapping for URL item [STRING] in context [STRING]: mapped domain name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped domain name. $4: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_DOMAIN_URLMAPPING_FAILED: Failed to configure domain mapping for URL item item1 in context ctx1: mapped domain name=www.abc.com, URL rewriting=enabled.
Explanation	Failed to configure the domain mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_ENABLE_CONTEXT

Message text	Enabled service in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CONTEXT: Enabled service in context ctx1.
Explanation	An SSL VPN context was enabled.
Recommended action	No action is required.

SSLVPN_ENABLE_CONTEXT_FAILED

Message text	Failed to enable service in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CONTEXT_FAILED: Failed to enable service in context ctx1.
Explanation	Failed to enable an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_CRTAUTH

Message text	Enabled certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CRTAUTH: Enabled certificate-authentication in context ctx1.
Explanation	Certification authentication was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_CRTAUTH_FAILED

Message text	Failed to enable certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CRTAUTH_FAILED: Failed to enable certificate-authentication in context ctx1.
Explanation	Failed to enable certification authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_DYNAMICPWD

Message text	Enabled dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_DYNAMICPWD: Enabled dynamic password verification in context ctx1.
Explanation	Dynamic password verification was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_DYNAMICPWD_FAILED

Message text	Failed to enable dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_DYNAMICPWD_FAILED: Failed to enable dynamic-password in context ctx1.
Explanation	Failed to enable dynamic password verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_FORCELOGOUT

Message text	Enabled force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_FORCELOGOUT: Enabled force logout in context ctx1.
Explanation	The force logout feature was enabled. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_ENABLE_FORCELOGOUT_FAILED

Message text	Failed to enable force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_FORCELOGOUT_FAILED: Failed to enable force logout in context ctx1.
Explanation	Failed to enable the force logout feature. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_ENABLE_GATEWAY

Message text	Enabled service in gateway [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GATEWAY: Enabled service in gateway gw1.
Explanation	An SSL VPN gateway was enabled.
Recommended action	No action is required.

SSLVPN_ENABLE_GATEWAY_FAILED

Message text	Failed to enable service in gateway [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GATEWAY_FAILED: Failed to enable service in gateway gw1.
Explanation	Failed to enable an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_ENABLE_GLOBAL_LOG

Message text	Enabled SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GLOBAL_LOG: Enabled SSL VPN logging globally.
Explanation	The SSL VPN global logging feature was enabled.
Recommended action	No action is required.

SSLVPN_ENABLE_GLOBAL_LOG_FAILED

Message text	Failed to enable SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GLOBAL_LOG_FAILED: Failed to enable SSL VPN logging globally.
Explanation	Failed to enable the SSL VPN global logging feature.
Recommended action	No action is required.

SSLVPN_ENABLE_GLOBALURLMASKING

Message text	Enabled global URL masking in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GLOBALURLMASKING: Enabled global URL masking in context ctx1.
Explanation	Enabled global URL masking in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_GLOBALURLMASKING_FAILED

Message text	Failed to enable global URL masking in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GLOBALURLMASKING_FAILED: Failed to enable global URL masking in context ctx1.
Explanation	Failed to enable global URL masking in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_IPTNL_LOG

Message text	Enabled IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_IPTNL_LOG: Enabled IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Enabled logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_ENABLE_IPTNL_LOG_FAIL

Message text	Failed to enable IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_IPTNL_LOG_FAIL: Failed to enable IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Failed to enable logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_ENABLE_PWDAUTH

Message text	Enabled password authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_PWDAUTH: Enabled password authentication in context ctx1.
Explanation	Password authentication was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_PWDAUTH_FAILED

Message text	Failed to enable password authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_PWDAUTH_FAILED: Failed to enable password authentication in context ctx1.
Explanation	Failed to enable password authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_SMSIMC

Message text	Enabled iMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_SMSIMC: Enabled iMC SMS message authentication in context ctx1.
Explanation	IMC SMS message authentication was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_SMSIMC_FAILED

Message text	Failed to enable iMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_SMSIMC_FAILED: Failed to enable iMC SMS message authentication in context ctx1.
Explanation	Failed to enable IMC SMS message authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_URLMASKING

Message text	Enabled URL masking for URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_URLMASKING: Enabled URL masking for URL item item1 in context ctx1.
Explanation	Enabled URL masking for a URL item.
Recommended action	No action is required.

SSLVPN_ENABLE_URLMASKING_FAILED

Message text	Failed to enable URL masking for URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_URLMASKING_FAILED: Failed to enable URL masking for URL item item1 in context ctx1.
Explanation	Failed to enable URL masking for a URL item.
Recommended action	No action is required.

SSLVPN_ENABLE_VERIFYCODE

Message text	Enabled code verification in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_VERIFYCODE: Enabled code verification in context ctx1.
Explanation	Code verification was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_VERIFYCODE_FAILED

Message text	Failed to enable code verification in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_VERIFYCODE_FAILED: Failed to enable code verification in context ctx1.
Explanation	Failed to enable code verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_IP_RESOURCE_DENY

Message text	User [STRING] of context [STRING] from [STRING] and virtual address [STRING] denied access to [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address that the SSL VPN gateway allocated to the VNIC of the client. $5: IP address of the requested resource. $6: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_DENY: User abc of context ctx1 from 192.168.200.130 and virtual address 2.1.1.1 denied access to 10.1.1.255:137.
Explanation	A user was denied access to specific IP resources, possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for IP access filtering.

SSLVPN_IP_RESOURCE_FAILED

Message text	User [STRING] of context [STRING] from [STRING] and virtual address [STRING] failed to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address that the SSL VPN gateway allocated to the VNIC of the client. $5: IP address of the requested resource. $6: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_FAILED: User abc of context ctx1 from 192.168.200.130 and virtual address 2.1.1.1 failed to access 10.1.1.255:137.
Explanation	A user failed to access IP resources, possibly caused by network problems.
Recommended action	Verify that a route is available to reach the requested IP resource.

SSLVPN_IP_RESOURCE_PERMIT

Message text	User [STRING] of context [STRING] from [STRING] and virtual address [STRING] permitted access to [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address that the SSL VPN gateway allocated to the VNIC of the client. $5: IP address of the requested resource. $6: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_PERMIT: User abc of context ctx1 from 192.168.200.130 and virtual address 2.1.1.1 permitted access to 10.1.1.255:137.
Explanation	A user accessed IP resources.
Recommended action	No action is required.

SSLVPN_IPAC_ALLOC_ADDR_FAIL

Message text	Failed to allocate [STRING] address to user [STRING] at [STRING] in context [STRING]. Reason: [STRING].
Variable fields	$1: IP version of the address. $2: Username. $3: User IP address. $4: SSL VPN context name. $5: Reason why the SLS VPN gateway failed to allocate an IP address to the VNIC of the client. Options are: · Failed to obtain system resource data. · No address is available in the address pool. · Failed to obtain address pool. · Available addresses in the address pool have been bound to other users.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_ALLOC_ADDR_FAIL: Failed to allocate IPv4 address to user abc at 192.168.68.10 in context ctx. Reason: Failed to obtain system resource data.
Explanation	The SSL VPN gateway failed to allocate an IP address to the VNIC of the IP access client.
Recommended action	3. Verify that the device is operating correctly. 4. Verify that the address pool is configured. 5. Verify that the address pool has available addresses. 6. Verify that the available addresses are not bound to other users.

SSLVPN_IPAC_ALLOC_ADDR_SUCCESS

Message text	[STRING] address [STRING] successfully allocated to user [STRING] at [STRING] in context [STRING].
Variable fields	$1: IP version of the address. $2: IP address that the SSL VPN gateway allocated to the VNIC of the client. $3: Username. $4: User IP address. $5: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_ALLOC_ADDR_SUCCESS: IPv4 address 10.1.1.1 successfully allocated to user abc at 192.168.68.10 in context ctx.
Explanation	The SSL VPN gateway allocated an IP address to the VNIC of the IP access client successfully.
Recommended action	No action is required.

SSLVPN_IPAC_CONN_CLOSE

Message text	IP connection was [STRING]. Reason: [STRING].
Variable fields	$1: Connection close type. Options are: · closed. · aborted. $2: Reason why the connection was closed. Options are: · User logout. · Failure to find peer. · Handshake failed. · Change of IP address pool. · Failure to receive data. · Local retransmission timeout. · Local keepalive timeout. · Local probe timeout. · Received FIN from peer. · Received RST from peer. · No authorized policy group. · Allocated address was bound to another user. · Failure to update client configuration. · Deleted old peer. · Other.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IPAC_CONN_CLOSE: IP connection was closed. Reason: User logout.
Explanation	The reason for the close of an IP connection was logged.
Recommended action	No action is required.

SSLVPN_IPAC_PACKET_DROP

Message text	Dropped [STRING] IP connection [STRING] packets in context [STRING]. Reason: [STRING].
Variable fields	$1: Number of dropped packets. $2: Dropped packet type: · request. · reply. $3: SSL VPN context name. $4: Reason for the packet drop: · Context rate limit. · Buffer insufficient.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_PACKET_DROP: Dropped 5 IP connection request packets in context ctx1. Reason: Context rate limit.
Explanation	The reason for IP access packet drop was logged.
Recommended action	No action is required.

SSLVPN_IPAC_RELEASE_ADDR_SUCCESS

Message text	User [STRING] at [STRING] in context [STRING] released [STRING] address [STRING].
Variable fields	$1: IP version of the address. $2: Username. $3: User IP address. $4: SSL VPN context name. $5: IP address that the SSL VPN gateway allocated to the VNIC of the client.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_RELEASE_ADDR_SUCCESS: User abc at 192.168.68.10 in context ctx released IPv4 address 10.1.1.1.
Explanation	The SSL VPN gateway released the allocated IP address from the VNIC of the IP access client successfully.
Recommended action	No action is required.

SSLVPN_PORT_URLMAPPING

Message text	Configured port mapping for URL item [STRING] in context [STRING]: mapped gateway name=[STRING], virtual host name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped SSL VPN gateway name. $4: Virtual host name. $5: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_PORT_URLMAPPING: Configured port mapping for URL item item1 in context ctx1: mapped gateway name=www.abc.com, virtual host name=vhost1, URL rewriting=enabled.
Explanation	Configured the port mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_PORT_URLMAPPING_FAILED

Message text	Failed to configure port mapping for URL item [STRING] in context [STRING]: mapped gateway name=[STRING], virtual host name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped SSL VPN gateway name. $4: Virtual host name. $5: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_PORT_URLMAPPING_FAILED: Failed to configure port mapping for URL item item1 in context ctx1: mapped gateway name=gw1, virtual host name=vhost1, URL rewriting=enabled.
Explanation	Failed to configure the port mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_SERVICE_UNAVAILABLE

Message text	SSL VPN service was unavailable. Reason: [STRING].
Variable fields	$1: Reason why the SSL VPN service was unavailable. Options are: · SSL VPN context not enabled. · No available SSL VPN contexts.
Severity level	6
Example	SSLVPNK/6/SSLVPN_SERVICE_UNAVAILABLE: SSL VPN service was unavailable. Reason: SSL VPN context not enabled.
Explanation	The reason for the unavailability of an SSL VPN service was logged.
Recommended action	If the reason is SSL VPN context not enabled, enter SSL VPN context view and use the service enable command to enable the context. If the reason is No available SSL VPN contexts, verify that the SSL VPN gateway to which the user is connected is associated with SSL VPN contexts.

SSLVPN_TCP_RESOURCE_DENY

Message text	User [STRING] of context [STRING] from [STRING] denied to access [STRING]:[STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Address of the remote server. $5: Port number of the remote server. $6: IP address of the remote server. $7: Port number of the remote server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_TCP_RESOURCE_DENY: User abc of context ctx1 from 192.168.200.130 denied to access 10.1.1.255:137 (server-IP=10.1.1.255,port-number=137).
Explanation	A user was denied access to specific TCP resources, possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for TCP access filtering.

SSLVPN_TCP_RESOURCE_FAILED

Message text	User [STRING] of context [STRING] from [STRING] failed to access [STRING]:[STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address of the remote server. $5: Port number of the remote server. $6: IP address of the remote server. $7: Port number of the remote server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_TCP_RESOURCE_FAILED: User abc of context ctx1 from 192.168.200.130 failed to access 10.1.1.255:137 (server-IP=10.1.1.255,port-number=137).
Explanation	A user failed to access TCP resources, possibly caused by network problems or DNS resolution failures.
Recommended action	1. Verify that a route is available to reach the requested TCP resource. 2. Verify that a DNS server is available for domain name resolution.

SSLVPN_TCP_RESOURCE_PERMIT

Message text	User [STRING] of context [STRING] from [STRING] permitted to access [STRING]:[STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Address of the remote server. $5: Port number of the remote server. $6: IP address of the remote server. $7: Port number of the remote server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_TCP_RESOURCE_PERMIT: User abc of context ctx1 from 192.168.200.130 permitted to access 10.1.1.255:137 (server-IP=10.1.1.255,port-number=137).
Explanation	A user accessed TCP resources.
Recommended action	No action is required.

SSLVPN_UNDO_FORCELOGOUT

Message text	Disabled force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_UNDO_FORCELOGOUT: Disabled force logout in context ctx1.
Explanation	The force logout feature was disabled. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_UNDO_FORCELOGOUT_FAILED

Message text	Failed to disable force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_UNDO_FORCELOGOUT_FAILED: Failed to disable force logout in context ctx1.
Explanation	Failed to disable the force logout feature. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_URLITEM_ADD_URIACL

Message text	Specified URI ACL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_ADD_URIACL: Specified URI ACL uriacl1 for URL item item1 in context ctx1.
Explanation	Specified a URI ACL for a URL item.
Recommended action	No action is required.

SSLVPN_URLITEM_ADD_URIACL_FAILED

Message text	Failed to specify URI ACL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_ADD_URIACL_FAILED: Failed to specify URI ACL uriacl1 for URL item item1 in context ctx1.
Explanation	Failed to specify a URI ACL for a URL item.
Recommended action	No action is required.

SSLVPN_URLITEM_DEL_URIACL

Message text	Removed URI ACL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_DEL_URIACL: Removed URI ACL uriacl1 from URL item item1 in context ctx1.
Explanation	Removed the URI ACL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_URLITEM_DEL_URIACL_FAILED

Message text	Failed to remove URI ACL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_DEL_URIACL_FAILED: Failed to remove URI ACL uriacl1 from URL item item1 in context ctx1.
Explanation	Failed to remove the URI ACL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_USER_LOGIN

Message text	User [STRING] of context [STRING] logged in from [STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGIN: User abc of context ctx logged in from 192.168.200.31.
Explanation	A user logged in to an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_LOGINFAILED

Message text	User [STRING] of context [STRING] failed to log in from [STRING]. Reason: [STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Reason for the login failure: · Authentication failed. Reason: incorrect username or password, authentication server error, or number of users reaching the maximum allowed by an account. · Authentication failed. Reason: The account expires. · Authentication failed. · Authorization failed. · Accounting failed. · Number of online users exceeded the limit. · Failed to get SMS message code from iMC server. · Maximum number of concurrent online connections for the user already reached. · Login timed out. · The authentication server is not reachable. · The authorization server is not reachable. · The accounting server is not reachable. · Other.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGINFAILED: User abc of context ctx failed to log in from 192.168.200.31.
Explanation	A user failed to log in to an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_LOGOUT

Message text	User [STRING] of context [STRING] logged out from [STRING]. Reason: [STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Reason for user logout: · Idle timeout. · A logout request was received from the Web browser. · A logout request was received from the client. · Forced logout. · A new login was attempted and logins using the account reach the maximum. · Accounting update failed. · Accounting session timed out. · Interface went down. · ADM request was received. · Idle cut for traffic not reach the minimum required amount.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGOUT: User abc of context ctx logged out from 192.168.200.31. Reason: A logout request was received from the Web browser.
Explanation	A user logged out of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_NUMBER

Message text	The number of SSL VPN users reached the upper limit.
Variable fields	None.
Severity level	6
Example	SSLVPN/6/SSLVPN_USER_NUMBER: The number of SSL VPN users reached the upper limit.
Explanation	The number of SSL VPN users reached the upper limit.
Recommended action	No action is required.

SSLVPN_WEB_RESOURCE_DENY

Message text	User [STRING] of context [STRING] from [STRING] denied to access [STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: URL of the requested resource. $5: IP address of the Web server that provides the requested resource. $6: Port number of the Web server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_WEB_RESOURCE_DENY: User abc of context ctx1 from 192.168.200.130 denied to access http://192.168.0.2:80/ (server-IP=192.168.0.2,port-number=80).
Explanation	A user was denied access to specific Web resources, possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for Web access filtering.

SSLVPN_WEB_RESOURCE_FAILED

Message text	User [STRING] of context [STRING] from [STRING] failed to access [STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: URL of the requested resource. $5: IP address of the Web server that provides the requested resource. $6: Port number of the Web server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_WEB_RESOURCE_FAILED: User abc of context ctx1 from 192.168.200.130 failed to access http://192.168.0.2:80/ (server-IP=192.168.0.2,port-number=80).
Explanation	A user failed to access Web resources, possibly caused by network problems or DNS resolution failures.
Recommended action	1. Verify that a route is available to reach the requested Web resource. 2. Verify that a DNS server is available for domain name resolution.

SSLVPN_WEB_RESOURCE_PERMIT

Message text	User [STRING] of context [STRING] from [STRING] permitted to access [STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: URL of the requested resource. $5: IP address of the Web server that provides the requested resource. $6: Port number of the Web server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_WEB_RESOURCE_PERMIT: User abc of context ctx1 from 192.168.200.130 permitted to access http://192.168.0.2:80/ (server-IP=192.168.0.2,port-number=80).
Explanation	A user accessed Web resources.
Recommended action	No action is required.

STAMGR messages

This section contains station management messages.

STAMGR_ADD_FAILVLAN

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Added a user to the Fail VLAN [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the Fail VLAN.
Severity level	5
Example	STAMGR/5/STAMGR_ADD_FAILVLAN:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Added a user to the Fail VLAN 5.
Explanation	The client failed to pass the authentication and was assigned to the Auth-Fail VLAN.
Recommended action	No action is required.

STAMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

STAMGR_ADDSTA_INFO

Message text	Add client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_ADDSTA_INFO: Add client 3ce5-a616-28cd.
Explanation	The client was connected to the BAS AC.
Recommended action	No action is required.

STAMGR_AUTHORACL_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign an ACL [STRING]. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ACL number. $6: Reason: · The ACL doesn't exist. · This type of ACL is not supported. · The memory resource is not enough. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · The OpenFlow tunnel was not established. · The OpenFlow table is full. · Unknown reason. Error code code was returned.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORACL_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Failed to assign an ACL 2000. Reason: The ACL doesn’t exist.
Explanation	The authentication server failed to assign an ACL to the client.
Recommended action	No action is required.

STAMGR_AUTHORUSERPROFILE_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign user profile [STRING]. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: Name of the authorization user profile. $6: Failure cause: · The user profile doesn’t exist. · No user profiles are created on the device. · The memory resource is not enough. · The OpenFlow tunnel was not established. · Unknown reason. Error code code was returned.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORUSERPROFILE_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Failed to assign user profile aaa. Reason: No user profiles are created on the device.
Explanation	The authentication server failed to assign a user profile to the client.
Recommended action	No action is required.

STAMGR_BSS_FAILURE

Message text	-APID=[STRING]-RadioID=[STRING]-WLANID=[STRING]-ST Name=[STRING]; The number of BSSs exceeded the upper limit.
Variable fields	$1: AP ID. $2: Radio ID. $3: WLAN ID. $4: Service template name.
Severity level	6
Example	STAMGR/6/SERVICE_BSS_FAILURE: -APID=1-RadioID=2-WLANID=3-ST Name=1; The number of BSSs exceeded the upper limit.
Explanation	The number of AP radios using this service template has exceeded the upper limit.
Recommended action	No action is required.

STAMGR_CLEINT_BSS_MAXCOUNT

Message text	SSID=[STRING]-APName=[STRING]-RadioID=[STRING]; Number of associated clients reached the upper limit allowed by the BSS.
Variable fields	$1: SSID. $2: AP ID. $3: Radio ID.
Severity level	5
Example	STAMGR/5/STAMGR_CLIENT_BSS_MAXCOUNT: SSID=test-wifi-APName=ap1-RadioID=2; Number of associated clients reached the upper limit allowed by the BSS.
Explanation	The number of associated clients reached the upper limit allowed by the BSS.
Recommended action	No action is required.

STAMGR_CLIENT_FAILURE

Message text	Client [STRING] failed to come online from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING] Reason: [STRING].
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reasons for the client's failure to come online. Table 19 describes the possible reasons.
Severity level	5
Example	STAMGR/6/STAMGR_CLIENT_FAILURE: Client 3303-c2af-b8d2 failed to come online from BSS 0023-12ef-78dc with SSID 1 on AP ap1 Radio ID 2 Reason: Unknown reason.
Explanation	The client failed to come online from the BSS for a specific reason.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the issue and resolve it. 2. If the issue persists, contact H3C Support.

Table 19 Possible failure reasons

Possible reasons
Unknown error.
Failed to process open authentication packet from the client.
Failed to send responses when the AC successfully processed open authentication packet from the client.
Failed to create state timer when the AC received authentication packet in Unauth state.
Failed to refresh state timer when the AC received authentication packet in Unauth state.
Received association packet Unauth state.
Received deauthentication packet with reason code code in Unauth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received dissociation packet with reason code code in Unauth state: · 1—Unknown reason. · 2—Prior authentication is invalid. · 4—Inactivity timer expired. · 5—Insufficient resources. · 7—Incorrect frame. · 8—Client is removed from BSS and is disassociated. · 10—Failed to negotiate the Power Capability IE. · 11—BSS management switchover.
Received Auth failure packet in Unauth state.
Received state timer timeout in Unauth state.
Received deauthentication packet with reason code code in Auth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received authentication packet with inconsistent authentication algorithm or shared key in Auth state.
Received state timer timeout in Auth state.
Failed to process Add Mobile message when client association succeeded in Auth state.
Received inconsistent authentication algorithm or share key in Userauth state.
Failed to check association request when the AC received association packet in Userauth state.
Failed to process IE when the AC received association packet in Userauth state.
Failed to send association responses when the AC received association packet in Userauth state.
Failed to process Add Mobile message when client association succeeded in Userauth state.
Received deauthentication packet with reason code code in Userauth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received dissociation packet with reason code code in Userauth state: · 1—Unknown reason. · 2—Prior authentication is invalid. · 4—Inactivity timer expired. · 5—Insufficient resources. · 7—Incorrect frame. · 8—Client is removed from BSS and is disassociated. · 10—Failed to negotiate the Power Capability IE. · 11—BSS management switchover.
Client authentication failed in Userauth state.
Failed to get backup client data while using AP private data to upgrade client.
Failed to set kernel forwarding table while using AP private data to upgrade client.
Failed to add MAC while using AP private data to upgrade client.
Failed to create keepalive and idle timeout timers while using AP private data to upgrade client.
Failed to set kernel forwarding table while upgrading client without using AP private data.
Failed to add MAC while upgrading client without using AP private data.
Failed to activate client while upgrading client without using AP private data.
Failed to synchronize client information to configuration thread while upgrading client without using AP private data.
Failed to create keepalive and idle timeout timers while upgrading client without using AP private data.
Failed to add MAC during inter-device client smooth creation.
Failed to set kernel forwarding table during inter-device client smooth creation.
Failed to send Add Mobile message during inter-device client smooth creation.
Failed to get AP type during inter-device client smooth creation.
Failed to recover service data while recovering running client data from database.
Failed to synchronize data to service thread while recovering basic client data from database.
Failed to add MAC when hierarchy device received upstream Add Mobile message.
Failed to set kernel forwarding table when hierarchy device received upstream Add Mobile message.
Failed to synchronize upstream message when hierarchy device received upstream Add Mobile message.
Failed to create client when hierarchy device received upstream Add Mobile message.
Failed to add MAC when hierarchy device received downstream Add Mobile message.
Failed to synchronize data to service thread when hierarchy device received downstream Add Mobile message.
Failed to set kernel forwarding table when hierarchy device received downstream Add Mobile message.
Failed to send down add pbss to driver when hierarchy device received downstream Add Mobile message.
Failed to synchronize downstream message when hierarchy device received downstream Add Mobile message.
Failed to create client when hierarchy device received downstream Add Mobile message.
Failed to create interval statistics timer when hierarchy device received downstream Add Mobile message.
Failed to obtain AP private data when hierarchy device received downstream Add Mobile message.
Failed to advertise Add Mobile message.
Failed to activate client when hierarchy device received downstream client state synchronization message.
Failed to get AP type when hierarchy device received downstream client state synchronization message.
Failed to synchronize downstream message when hierarchy device received downstream client state synchronization message.
The radio was in down state when hierarchy device received downstream Add Mobile message.
Hierarchy device failed to process the upstream Add Mobile message.
Hierarchy device failed to process downstream Add Mobile message.
Failed to process service thread during inter-device client smooth creation.
Failed to create client during inter-device smooth.
Failed to process upstream client state synchronization message in Userauth state.
Failed to process downstream client state synchronization message in Userauth state.
Hierarchy device failed to process upstream client state synchronization message.
Hierarchy device failed to process downstream client state synchronization message.
AC received message for deleting the client entry.
Fit AP received message for deleting the client.
Different old and new region codes.
Failed to update IGTK.
Failed to update GTK.
Failed to generate IGTK when the first client came online.
TKIP is used to authenticate all clients.
Channel changed.
BssDelAllSta event logged off client normally.
AP down.
Radio down.
Service template disabled.
Service template unbound.
Created BSS during master AC switchover process.
Updated BSS base information when BSS was in deactive state.
Intrusion protection.
Local AC or AP deleted BSS.
BssDelAllSta event logged off client abnormally.
Received VLAN deleted event.
CM received message for logging off client from AM.
The reset wlan client command was executed to log off the client.
Deleted private data on AP: DBM database recovered.
Failed to synchronize authentication succeeded message downstream.
Client RSSI was lower than the threshold and was decreasing.
Configured whitelist for the first time or executed the reset wlan client all command.
Received client offline websocket message.
WMAC logged off all clients associated with the radio.
Timer for sending deassociation message timed out.
The client is in blacklist or deleted from whitelist.
Client was added to the dynamic blacklist.
Failed to roam out.
Implemented inter-AC roaming for the first time.
Successfully roamed to another BSS.
Failed to roam in.
Roaming process received a message for logging off the client.
Roaming process processed Down event and logged off roam-in clients.
Roaming failure.
Successfully performed roaming but failed to recover authentication data.
Roaming timed out.
Seamless roaming failed.
Logged off clients that performed inter- or intra-AC roaming.
Failed to process AccessCtrlChk. Configure permitted AP group or permitted SSID.
Synchronized client information to process and logged off client.
Failed to synchronize client state to uplink devices.
Local AC or remote AP received Add Mobile message updated BSS and logged off clients.
Upgraded HA and logged off all clients.
Synchronized BSS data during master/backup AC switchover process.
Failed to synchronize service template data during master/backup AC switchover process.
BSS aging timer timed out.
Remote AP deleted non-local forwarding BSS.
Failed to find configuration data when synchronizing data.
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated.
Failed to get BSS by using WLAN ID.
Unbound inherited service template.
STAMGR process was down automatically or manually.
Deleted redundant clients.
Failed to process authorized doing nodes.
Authorization failed.
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS.
Number of sent SA requests exceeded the permitted threshold.
Local AC came online again and deleted all clients associated with the BSS.
Failed to upgrade hot-backup.
The illegally created BSS was deleted.
Failed to process requests when receiving UserAuth Success message.
Failed to get AP type when receiving UserAuth Successful message.
Failed to notify client of the recovery of basic client data from database.
Failed to recover basic client data from database.
Client already existed when the AC received Auth packet from the client and checked online clients.
Client already existed during FT Over-the-DS authentication.
SKA authentication failed.
Deadline timer timed out during FT authentication.
Failed to send the response for the successful shared key authentication to the client.
Failed to get FT data during FT authentication.
FT authentication was performed and BSS does not support FT.
Failed to process FT authentication-success result.
Failed to process FT authentication.
Maximum number of clients already reached when remote request message was received.
Failed to fill authorization information while processing authorization message.
Failed to process key negotiation during 802.1X authentication.
Invalid session key length during 802.1X authentication.
802.1X authentication failed.
802.1X server was unreachable.
User timer timed out during 802.1X authentication.
Server timer timed out during 802.1X authentication.
802.1X authentication configuration error.
Received nonexistent authorization VLAN group during 802.1X authentication.
MAC authentication failed.
MAC server was unreachable.
Session time is zero during MAC authentication.
Server timer timed out during MAC authentication.
802.1X authentication failed and the return code is code.
MAC authentication failed and the return code is code.
Authorization failed for 802.1X authentication and the return code is code.
Authorization failed for MAC authentication and the return code is code.
Accounting start failed for 802.1X authentication and the return code is code.
Accounting start failed for MAC authentication and the return code is code.
Accounting update failed for 802.1X authentication and the return code is code.
Accounting update failed for MAC authentication and the return code is code.
Failed to receive client EAP request for 802.1X authentication.
Failed to receive server response for 802.1X authentication.
Failed to receive server response for MAC authentication.
Received client log-off packet during 802.1X authentication.
802.1X client handshake failed.
Incorrect 802.1X authentication method.
IP conflict detected by address security check.
MAC conflict detected by address security check.
The number of clients exceed the maximum allowed value of radio.
The number of clients exceed the maximum allowed value of BSS.

STAMGR_CLIENT_OFFLINE

Message text	Client [STRING] went offline from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Unauth. Reason [STRING]
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reason why the client goes offline. Table 20 describes the possible reasons.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc on AP ap1 Radio ID 2. State changed to Unauth. Reason: Radio down.
Explanation	The client went offline from the BSS for a specific reason. The state of the client changed to Unauth.
Recommended action	To resolve the issue: 1. Examine whether the AP and its radios operate correctly if the client went offline abnormally. If the logoff was requested by the client, no action is required. 2. If they do not operate correctly, check the debugging information to locate the issue and resolve it. 3. If the issue persists, contact H3C Support.

Table 20 Possible logoff reasons

Possible reasons
Received disassociation frame in Run state: reason code=String.
Unknown reason.
Different old and new region codes.
Failed to update IGTK.
Failed to update GTK.
Failed to generate IGTK when the first client came online.
TKIP is used to authenticate all clients.
Channel changed.
BssDelAllSta event logged off client normally.
Radio down.
Service template disabled.
Service template unbound.
Created BSS during master/backup AC switchover process.
Updated BSS base information when BSS was in deactive state.
Intrusion protection.
Local AC or AP deleted BSS.
BssDelAllSta event logged off client abnormally.
Received VLAN deleted event.
CM received message for logging off client from AM.
The reset wlan client command was executed to log off the client.
DBM database failed to recover client operation data.
Deleted private data on AP: DBM database recovered.
Received deauthentication frame in Run state: reason code=String.
Failed to process (re)association request in Run state.
Unmatched authentication algorithm in received authentication message.
Idle timer timeout.
Keepalive timer timeout.
Received authentication failure message.
Failed to synchronize authentication succeeded message downstream.
Client RSSI was lower than the threshold and was marked as decreasing.
Configured whitelist for the first time or executed the reset wlan client all command.
Received client offline websocket message.
WMAC logged off all clients associated with the radio.
Timer for sending disassociation message timed out.
The client is in blacklist or deleted from whitelist.
Client was added to the dynamic blacklist.
Failed to roam out.
Implemented inter-AC roaming for the first time.
Successfully roamed to another BSS.
Failed to roam in.
Roaming process received a message for logging off the client.
Roaming process processed Down event and logged off roam-in clients.
Roaming failure.
Successfully performed roaming but failed to recover authentication data.
Roaming timed out.
Seamless roaming failed.
Logged off clients that performed inter- or intra-AC roaming.
Failed to process AccessCtrlChk when configured permitted AP group or permitted SSID.
Synchronized client information to process and logged off client in Run state.
Failed to synchronize client state to uplink/downlink devices.
Local AC or remote AP received add mobile message, updated BSS, and logged off clients in Run state.
Upgraded HA and logged off all clients.
Synchronized BSS data during master/backup AC switchover process.
Failed to synchronize service template data during master/backup AC switchover process.
BSS aging timer timed out.
Remote AP deleted non-local forwarding BSS.
Failed to find configuration data when synchronizing data.
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated.
Failed to get BSS by using WLAN ID.
Unbound inherited service template.
STAMGR process was down automatically or manually.
Deleted redundant clients.
Failed to process authorized doing nodes.
Authorization failed.
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS.
Number of sent SA requests exceeded the permitted threshold.
Fit AP received message for deleting the client.
Local AC came online again and deleted all clients associated with the BSS.
Failed to upgrade hot backup.
The illegally created BSS was deleted.
Failed to process requests when receiving UserAuth Success message.
Failed to get AP type when receiving UserAuth Success message.
The client doesn't support mandatory rate.
Disabled access services for 802.11b clients.
The client doesn't support mandatory VHT-MCS.
Enabled the client dot11ac-only feature.
Disabled MUTxBF.
Disabled SUTxBF.
The client doesn't support mandatory MCS.
Channel bandwidth changed.
Disabled the client dot11n-only feature.
Disabled short GI.
Disabled the A-MPDU aggregation method.
Disabled the A-MSDU aggregation method.
Disabled STBC.
Disabled LDPC.
The MIMO capacity decreased, and the MCS supported by the AP can't satisfy the client's negotiated MCS.
The MIMO capacity decreased, and the VHT-MCS supported by the AP can't satisfy the client's negotiated VHT-MCS.
Hybrid capacity increased, which kicked off clients associated with other radios with lower Hybrid capacity.
Failed to add MAC address.
The roaming entry doesn't exist while the AC was processing the roaming request during client smooth reconnection.
Home AC processed the move out response message to update the roaming entry and notified the foreign AC to force the client offline during an inter-AC roaming.
The associated AC left from the mobility group and deleted roam-in entries and roaming entries of the client.
Executed the reset wlan mobility roaming command.
Kicked client because of roaming to another BSSID.
The roaming entry doesn't exist while the AC was processing the Add Preroam message during client smooth reconnection.
Deleted roaming entries of clients in the fail VLAN while processing a fail VLAN delete event.
Deleted the roaming entry of the client while processing a client delete event.
Moving to another SSID on the same radio.
Kicked off the client because Oasis platform microservice deleted the password entry.
Time expired for learning client IPv4 address through DHCP.
AP triggered (idle timeout).
AP triggered (channel change).
AP triggered (bandwidth change).
Received log-off packet from 802.1X authentication client.
802.1X client handshake failed.
Accounting update timed out for the 802.1X authentication client.
Accounting update timed out for the MAC authentication client.
802.1X authentication client idle cut on AP.
MAC authentication client idle cut on AP.
Session timeout timer expired for the 802.1X authentication client.
Session timeout timer expired for the MAC authentication client.
Received client disassociation message from server for the 802.1X authentication client.
Received client disassociation message from server for the MAC authentication client.
Received nonexistent authorization VLAN group for the 802.1X authentication client.
Received nonexistent authorization VLAN group for the MAC authentication client.
Total client traffic failed to reach the minimum traffic threshold.
Failed to obtain the client IP address before the accounting delay timer expired.
IP conflict detected by address security check.
MAC conflict detected by address security check.
Logged off client because the EoGRE tunnel went down.

STAMGR_CLIENT_ONLINE

Message text	Client [STRING] went online from BSS [STRING] VLAN [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Run.
Variable fields	$1: MAC address of the client. $2: BSSID. $3: VLAN ID. $4: SSID defined in the service template. $5: Name of the AP associated with the client. $6: ID of the radio associated with the client.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc VLAN 1 with SSID abc on AP ap1 Radio ID 2. State changed to Run.
Explanation	The client came online from the BSS. The state of the client changed to Run.
Recommended action	No action is required.

STAMGR_CLIENT_RADIO_MAXCOUNT

Message text	APName=[STRING]-RadioID=[STRING]; Number of associated clients reached the upper limit allowed by the radio.
Variable fields	$1: AP name. $2: Radio ID.
Severity level	5
Example	STAMGR/5/STAMGR_CLIENT_RADIO_MAXCOUNT: APName=ap1-RadioID=2; Number of associated clients reached the upper limit allowed by the radio.
Explanation	The number of associated clients reached the upper limit allowed by the radio.
Recommended action	No action is required.

STAMGR_CLIENT_SNOOPING

Message text	Detected client IP change: Client MAC: [SRTING], IP: [STRING], [STRING], [STRING], Username: [STRING], AP name: [STRING], Radio ID [UCHAR], Channel number: [UINT32], SSID: [STRING], BSSID: [STRING].
Variable fields	$1: MAC address of the client. $2: Current IP address of the client. $3: Used IP address of the client. $4: Used IP address of the client. $5: Username of the client. $6: Name of the AP associated with the client. $7: ID of the radio associated with the client. $8: ID of the channel used by the client. $9: SSID of the service template associated with the client. $10: BSSID of the service template associated with the client.
Severity level	6
Example	STAMGR_CLIENT_SNOOPING: Detected client IP change: Client MAC: 31ac-11ea-17ff,IP: 4.4.4.4, IP: 1.1.1.1, IP: 2.2.2.2,IP: -NA-,User name: test, AP name: ap1, Radio ID: 1, Channel number: 161,SSID: 123, BSSID: 25c8-3dd5-261a.
Explanation	IP change was detected for a specific client.
Recommended action	No action is required.

STAMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

STAMGR_DELSTA_INFO

Message text	Delete client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_DELSTA_INFO: Delete client 3ce5-a616-28cd.
Explanation	The client was disconnected from the BAS AC.
Recommended action	No action is required.

STAMGR_MACA_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user failed MAC authentication. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $8: Reason for the authentication failure: · AAA processed authentication request and returned error code code. ¡ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ¡ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ¡ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. ¡ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received nonexistent authorization VLAN group. · Client kicked out on expiration of the idle-cut timer because its total traffic had not reached the required minimum amount of traffic. · Had failed to obtain the client IP address before the accounting delay timer expired. · Unknown reason.
Severity level	5
Example	STAMGR/5/STAMGR_MACA_LOGIN_FAILURE:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; A user failed MAC authentication. Reason: AAA processed authentication request and returned error code 8.
Explanation	The client failed to pass MAC authentication for a specific reason.
Recommended action	To resolve the issue: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. Troubleshoot errors one by one according to the returned error code during authentication. 5. If the issue persists, contact H3C Support.

STAMGR_MACA_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user passed MAC authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGIN_SUCC:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; A user passed MAC authentication and came online.
Explanation	The client came online after passing MAC authentication.
Recommended action	No action is required.

STAMGR_MACA_LOGOFF

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; Session for a MAC authentication user was terminated. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $6: Reason why the client is logged off. · AAA processed authentication request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ¡ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ¡ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-start request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-update request and returned error code code. Server reason: reason. The reason field represents the reason returned from the server and is available only when the server returned a reason. Available error codes include: ¡ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Lost in shaking hands. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received disassociation frame in Run state: reason code=code. · Received deauthentication frame in Run state: reason code=code. · Received disassociation packet in Userauth state. · Received deauthentication packet in Userauth state. · Received client failure message with reason code=code. · Received client offline message with reason code=code. · Unknown reason.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGOFF:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; Session for a MAC authentication user was terminated. Reason: Received user security information and kicked off the client.
Explanation	The MAC authenticated client was logged off for a specific reason.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the logoff cause and remove the issue. If the logoff was requested by the client, no action is required. 2. If the issue persists, contact H3C Support.

STAMGR_ROAM_FAILED

Message text	Client [MAC] on AP [STRING] Radio ID [STRING] failed to roam with reason code [UINT32].
Variable fields	$1: MAC address of the client. $2: Name of the AP associated with the client. $3: ID of the radio associated with the client. $4: Reason code for the roaming failure: · 1—Failed to select a roaming policy. · 2—Insufficient memory resources. · 3—Network communication failures. · 4—Lack of local roaming entries. · 5—Failed to add a VLAN.
Severity level	4
Example	STAMGR/4/STAMGR_ROAM_FAILED: Client 001f-3ca8-1092 on AP ap1 Radio ID 2 failed to roam with reason code 1.
Explanation	The client failed to roam for a specific reason.
Recommended action	To resolve the issue, depending on the reason code: · 1—Use the display wlan client verbose command to verify that the authentication method has changed. · 2—Use the display process memory command to check memory resource usage for each module. · 3—Use the display wlan mobility group command to check the IACTP tunnel state. · 4—Use the display wlan mobility group command to check the IACTP tunnel state. · 5—Check the trace.log file for VLAN adding failure reason.

STAMGR_ROAM_SUCCESS

Message text	Client [MAC] roamed from BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] to BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] successfully.
Variable fields	$1: MAC address of the client. $2: BSSID of the AP associated with the client before roaming. $3: Name of the AP associated with the client before roaming. $4: ID of the radio associated with the client before roaming. $5: IP address of the AC associated with the client before roaming. $6: BSSID of the AP associated with the client after roaming. $7: Name of the AP associated with the client after roaming. $8: ID of the radio associated with the client after roaming. $9: IP address of the AC associated with the client after roaming.
Severity level	6
Example	STAMGR/6/STAMGR_ROAM_SUCCESS: Client 0021-005f-dffd roamed from BSSID 000f-e289-6ad0 on AP ap1 Radio ID 2 of AC IP 172.25.0.81 to BSSID 000f-e2ab-baf0 on AP ap2 Radio ID 2 of AC IP 172.25.0.82 successfully.
Explanation	The client roamed successfully.
Recommended action	No action is required.

STAMGR_SERVICE_FAILURE

Message text	Service failure occurred on BSS [STRING] after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING] with AP ID [STRING]. Reason: [STRING], code=0x[STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: AP ID. $7: Reason for the service failure, as described in Table 21. $8: Error code.
Severity level	6
Example	STAMGR/6/SERVICE_FAILURE: Service failure occurred on BSS 0023-12ef-78dc after service template st1 with SSID st1ssid was bound to radio 1 on AP ap1 with AP ID 1. Reason: Failed to activate BSS when AP came online, code=0x61140001.
Explanation	After the AP came online, BSS activation failed for a specific reason with error code 0x61140001.
Recommended action	To resolve the issue: 1. Check the debugging information to locate the failure cause and remove the issue. 2. If the issue persists, contact H3C Support.

Table 21 Possible service failure reasons

Possible reasons
Failed to create a BSS interface during smooth BSS interface creation.
Replied with failure to transmit interface creation node during smooth BSS interface creation.
Failed to set forwarding location during smooth recovery of AP data.
Failed to initiate a series of locations during smooth recovery of AP data.
Failed to send message of creating BSS interface to worker thread during smooth recovery of AP data.
Failed to create handle during smooth recovery of AP data.
Failed to activate BSS during smooth recovery of AP data.
Failed to set kernel forwarding table during smooth recovery of AP data.
Failed to create BSS node when AP came online.
Failed to create BSS handle when AP came online.
Insufficient memory for creating BSS node when AP came online.
Failed to get radio private data while creating BSS node in general process.
Failed to initiate a series of locations while creating BSS node in general process.
Failed to set kernel forwarding table while creating BSS node in general process.
Failed to create BSS node during smooth recovery of BSS data.
Failed to get AP location while recovering BSS running data from DBM.
Failed to get radio private data while recovering BSS running data from DBM.
Failed to add BSS index to interface index while recovering BSS running data from DBM.
Failed to create BSS handle when hierarchy device received Add WLAN message.
Failed to initiate a series of locations when hierarchy device received Add WLAN message.
Failed to set forwarding location when hierarchy device received Add WLAN message.
Failed to send message to worker thread when hierarchy device received Add WLAN message.
Failed to set kernel forwarding table when hierarchy device received Add WLAN message.
Failed to activate BSS when hierarchy device received Add WLAN message.
Failed to issue Add WLAN message when hierarchy device received Add WLAN message.
Failed to activate BSS when service template was bound.
Failed to create BSS node when service template was bound.
Failed to create BSS handle when service template was bound.
Failed to add bind node to mapped radio list of the service template while recovering service template binding information for service thread from pending database.
Failed to create BSS node while recovering service template binding information for service thread from pending database.
Failed to add bind node to mapped radio list of the service template while creating BSS from Merger.
Failed to create BSS node while creating BSS from Merger.
Failed to apply for memory while creating BSS node.
Failed to calculate BSSID while creating BSS node.
Service thread received interface creation failure while creating BSS interface during smooth recovery of AP data.
Failed to add BSS index to interface index while creating BSS interface during smooth recovery of AP data.
Failed to add VLAN on the interface while creating BSS interface during smooth recovery of AP data.
Failed to set the source MAC address of the interface while creating BSS interface during smooth recovery of AP data.
Failed to set kernel forwarding table while creating BSS interface during smooth recovery of AP data.
Failed to activate BSS while creating BSS interface during smooth recovery of AP data.
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly.
Failed to create BSS interface when BSS created an interface accordingly.
Failed to add BSS index to interface index when BSS created an interface accordingly.
Failed to add VLAN on the interface when BSS created an interface accordingly.
Failed to set source MAC address of the interface when BSS created an interface accordingly.
Failed to set kernel forwarding table when BSS created an interface accordingly.
Failed to issue ADD BSS message when BSS created an interface accordingly.
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly for an invalid interface.
Created BSS rollback for failed resources while issuing ADD BSS message callback.
Failed to enable packet socket while recovering BSS running data from DBM.
Failed to create BSS node while recovering BSS running data from DBM.
Failed to initiate BSS while creating BSS node.
Failed to activate BSS when service template was enabled.
Invalid BSS interface index while upgrading BSS with AP private data.
Failed to upgrade backup BSS to real BSS while upgrading BSS with AP private data.
Failed to set kernel forwarding table while upgrading BSS with AP private data.
Failed to activate BSS while upgrading BSS with AP private data.
Invalid BSS interface index while upgrading BSS without AP private data.
Failed to set kernel forwarding table while upgrading BSS without AP private data.
Failed to activate BSS while upgrading BSS without AP private data.
Failed to create BSS interface while creating general BSS process.
Failed to activate BSS during smooth recovery of BSS data.
Failed to activate BSS while recovering service template binding information for service thread from pending database.
Failed to activate BSS while creating BSS from Merger.
Failed to activate BSS when AP came online.
Failed to activate BSS when other module sent activation request.
Failed to activate BSS when other module received activation request.
Failed to send response node of creating interface while creating interface during smooth recovery of AP data.
Failed to add BSS index to interface index when hierarchy device created an interface accordingly.
Failed to add VLAN on the interface when hierarchy device created an interface accordingly.
Failed to set source MAC address of the interface when hierarchy device created an interface accordingly.
Failed to set kernel forwarding table when hierarchy device created an interface accordingly.
Failed to activate BSS when hierarchy device created an interface accordingly.
Failed to issue Add BSS message when hierarchy device created an interface accordingly.
Insufficient memory when hierarchy device received BSS creation message.
Failed to fill BSS basic data when hierarchy device received BSS creation message.
Failed to initiate BSS service phase when hierarchy device received BSS creation message.
Failed to receive Add WLAN message when hierarchy device received BSS creation message.
Failed to get radio private data because of invalid AP ID when hierarchy device received BSS creation message.
Failed to get radio private data because of invalid radio ID when hierarchy device received BSS creation message.
Failed to get radio private data when hierarchy device received Add WLAN message.
Failed to issue message when hierarchy device received Add WLAN message.
Failed to get BSS data through WLAN ID during smooth recovery of BSS data.
Failed to issue Add WLAN message while creating BSS node in general process.
Failed to create BSS interface when hierarchy device created an interface accordingly.
Failed to create BSS interface when hierarchy device created an interface accordingly for an invalid interface.
Failed to set forwarding location while creating BSS node in general process.
Replied with failure to transmit interface creation node when BSS created an interface accordingly.
Failed to update BSS key data when hierarchy device received Add WLAN message.
Replied with failure to transmit interface creation node when BSS created an interface accordingly for an existing BSS.

STAMGR_SERVICE_OFF

Message text	BSS [STRING] was deleted after service template [STRING] with SSID [STRING] was unbound from radio [STRING] on AP [STRING]. Reason: [STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: Reason for the BSS deletion. · Unknown reason. · AP down. · Deleted BSS with the Delete mark when inter-AC BSS smooth ended. · Hierarchy device received BSS delete message. · Deleted AP private data from APMGR when AP smooth ended. · WLAS was triggered, and service was shut down temporarily. · Intrusion protection was triggered, and service was shut down permanently. · Service module received Update WLAN message when BSS was inactive. · Disabled service template. · Unbound service template. · Deleted BSS with the Delete mark when inter-AC AP smooth ended. · BSS aging timer timed out. · Deleted non-local forwarding BSS when AP enabled with remote AP went offline. · Failed to find configuration data while synchronizing data. · AP did not come online or service template was disabled. · Failed to find the WLAN ID from APMGR while BSS was smoothing WLAN ID. · Unbound inherited service template. · The stamgr process became down automatically or was shut down manually. · Failed to use AP private data to upgrade backup BSS. · Failed to upgrade backup BSS. · Failed to synchronize service template data to the Merger bind list while upgrading backup data.
Severity level	6
Example	STAMGR/6/SERVICE_OFF: BSS 0023-12ef-78dc was deleted after service template st1 with SSID st1ssid was unbound from radio 1 on AP ap1. Reason: Failed to find configuration data while synchronizing data.
Explanation	The BSS was deleted for a specific reason.
Recommended action	To resolve the issue: 1. Verify that the BSS is deleted as requested. If the BSS is deleted as requested, no action is required. 2. Locate the deletion cause and remove the issue if the BSS is deleted abnormally, 3. If the issue persists, contact H3C Support.

STAMGR_SERVICE_ON

Message text	BSS [STRING] was created after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name.
Severity level	6
Example	STAMGR/6/SERVICE_ON: BSS 0023-12ef-78dc was created after service template st1 with SSID 1 was bound to radio 1 on AP ap1.
Explanation	The BSS was created.
Recommended action	No action is required.

STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL

Message text	APID=[UINT32]-MAC=[STRING]-BSSID=[STRING]; AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel.
Variable fields	$1: ID of the AP associated with the client. $2: MAC address of the client. $3: BSSID of the service template associated with the client.
Severity level	7
Example	STAMGR/7/STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL: APID=667-MAC=d4f4-6f69-d7a1-BSSID=600b-0301-d5a0; The AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel.
Explanation	The AC does not need to send client information to the uplink device because client information already arrived at the end of the IOCTL tunnel.
Recommended action	To resolve the issue depending on the network infrastructure: · Fit AP+AC network—No action is required if this message is output. If no message is output, locate the issue according to the debugging information and resolve the issue. · AC hierarchical network—No action is required if this message is output by the central AC. If this message is output by a local AC, locate the issue according to the debugging information and resolve the issue.

STAMGR_STAIPCHANGE_INFO

Message text	IP address of client [STRING] changed to [STRING].
Variable fields	$1: MAC address of the client. $2: New IP address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4.
Explanation	The IP address of the client was updated.
Recommended action	No action is required.

STAMGR_TRIGGER_IP

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; Intrusion protection triggered. Action: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the access VLAN. $6: Action: · Added the user to the blocked MAC address list. · Closed the user's BSS temporarily. · Closed the user's BSS permanently.
Severity level	5
Example	STAMGR/5/STAMGR_TRIGGER_IP:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2-VLANID=11; Intrusion protection triggered, the intrusion protection action: added a user to the list of Block-MAC.
Explanation	Intrusion protection was triggered and the action was displayed.
Recommended action	No action is required.

STM messages

This section contains IRF messages.

STM_AUTO_UPDATE_FAILED

Message text	Pattern 1: Slot [UINT32] auto-update failed. Reason: [STRING]. Pattern 2: Chassis [UINT32] slot [UINT32] auto-update failed. Reason: [STRING].
Variable fields	Pattern 1: $1: IRF member ID. $2: Failure reason: ¡ Timeout when loading—The IRF member device failed to complete loading software within the required time period. ¡ Wrong description when loading—The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted. ¡ Disk full when writing to disk—The subordinate device does not have sufficient storage space. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU. $3: Failure reason: ¡ Timeout when loading—The MPU failed to complete loading software within the required time period. ¡ Wrong description when loading—The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted. ¡ Disk full when writing to disk—The MPU does not have sufficient storage space.
Severity level	4
Example	STM/4/STM_AUTO_UPDATE_FAILED: Slot 5 auto-update failed. Reason: Timeout when loading.
Explanation	Pattern 1: Software synchronization from the master failed on a subordinate device. Pattern 2: Software synchronization from the global active MPU failed on a standby MPU.
Recommended action	1. Remove the issue depending on the failure reason: ¡ If the failure reason is Timeout when loading, verify that all IRF links are up. ¡ If the failure reason is Wrong description when loading, download the software images again. ¡ If the failure reason is Disk full when writing to disk, delete unused files to free the storage space. 2. Upgrade software manually for the device or MPU to join the IRF fabric, and then connect the device to the IRF fabric.

STM_AUTO_UPDATE_FINISHED

Message text	Pattern 1: File loading finished on slot [UINT32]. Pattern 2: File loading finished on chassis [UINT32] slot [UINT32].
Variable fields	Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU.
Severity level	5
Example	STM/5/STM_AUTO_UPDATE_FINISHED: File loading finished on slot 3.
Explanation	Pattern 1: The member device finished loading software images. Pattern 2: The MPU finished loading software images.
Recommended action	No action is required.

STM_AUTO_UPDATING

Message text	Pattern 1: Don't reboot the slot [UINT32]. It is loading files. Pattern 2: Don't reboot the chassis [UINT32] slot [UINT32]. It is loading files.
Variable fields	Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU.
Severity level	5
Example	STM/5/STM_AUTO_UPDATING: Don't reboot the slot 2. It is loading files.
Explanation	Pattern 1: The member device is loading software images. To avoid software upgrade failure, do not reboot the member device. Pattern 2: The MPU is loading software images. To avoid software upgrade failure, do not reboot the MPU.
Recommended action	No action is required.

STM_HELLOPKT_NOTSEND

Message text	Hello thread hasn't sent packets for [UINT32] seconds.
Variable fields	$1: Time value.
Severity level	5
Example	STM/5/STM_HELLOPKT_NOTSEND: Hello thread hasn't sent packets for 10 seconds.
Explanation	The hello thread hasn't sent packets for 10 seconds.
Recommended action	Execute the display cpu-usage command to identify whether the CPU usage has increased to a high level for a period of time. If yes, decrease the CPU usage. For example, the CPU usage increases dramatically when an attack occurs or when the system is processing CPU-intensive tasks. If you cannot locate the cause, please contact H3C Support. The IRF fabric splits if the hello thread hasn't sent packets before the heartbeat time expires.

STM_HELLOPKT_NOTRCV

Message text	Hello thread hasn't received packets for [UINT] seconds.
Variable fields	$1: Time value.
Severity level	5
Example	STM/5/STM_HELLOPKT_NOTRCV: Hello thread hasn't received packets for 10 seconds.
Explanation	The hello thread hasn't received packets for 10 seconds.
Recommended action	Execute the display cpu-usage command to identify whether the CPU usage has increased to a high level for a period of time. If yes, decrease the CPU usage. For example, the CPU usage increases dramatically when an attack occurs or when the system is processing CPU-intensive tasks. If you cannot locate the cause, please contact H3C Support. The IRF fabric splits if the hello thread hasn't received packets for a long time.

STM_LINK_DOWN

Message text	IRF port [UINT32] went down.
Variable fields	$1: IRF port name.
Severity level	3
Example	STM/3/STM_LINK_DOWN: IRF port 2 went down.
Explanation	This event occurs when all physical interfaces bound to an IRF port are down.
Recommended action	Check the physical interfaces bound to the IRF port. Make sure a minimum of one member physical interface is up.

STM_LINK_TIMEOUT

Message text	IRF port [UINT32] went down because the heartbeat timed out.
Variable fields	$1: IRF port name.
Severity level	2
Example	STM/2/STM_LINK_TIMEOUT: IRF port 1 went down because the heartbeat timed out.
Explanation	The IRF port went down because of heartbeat timeout.
Recommended action	Check the IRF link for link failure.

STM_LINK_UP

Message text	IRF port [UINT32] came up.
Variable fields	$1: IRF port name.
Severity level	6
Example	STM/6/STM_LINK_UP: IRF port 1 came up.
Explanation	An IRF port came up.
Recommended action	No action is required.

STM_MERGE

Message text	IRF merge occurred.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_MERGE: IRF merge occurred.
Explanation	IRF merge occurred.
Recommended action	No action is required.

STM_MERGE_NEED_REBOOT

Message text	IRF merge occurred. This IRF system needs a reboot.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot.
Explanation	You must reboot the current IRF fabric for IRF merge, because it failed in the master election.
Recommended action	Log in to the IRF fabric, and use the reboot command to reboot the IRF fabric.

STM_MERGE_NOT_NEED_REBOOT

Message text	IRF merge occurred. This IRF system does not need to reboot.
Variable fields	N/A
Severity level	5
Example	STM/5/STM_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot.
Explanation	You do not need to reboot the current IRF fabric for IRF merge, because it was elected the master.
Recommended action	Reboot the IRF fabric that has failed in the master election to finish the IRF merge.

STM_SAMEMAC

Message text	Failed to stack because of the same bridge MAC addresses.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_SAMEMAC: Failed to stack because of the same bridge MAC addresses.
Explanation	Failed to set up the IRF fabric because some member devices are using the same bridge MAC address.
Recommended action	1. Verify that IRF bridge MAC persistence is disabled on the member devices. To disable this feature, use the undo irf mac-address persistent command. 2. If the problem persists, contact H3C Support.

STM_SOMER_CHECK

Message text	Neighbor of IRF port [UINT32] cannot be stacked.
Variable fields	$1: IRF port name.
Severity level	3
Example	STM/3/STM_SOMER_CHECK: Neighbor of IRF port 1 cannot be stacked.
Explanation	The neighbor connected to the IRF port cannot form an IRF fabric with the device.
Recommended action	Check the following items: · The device models can form an IRF fabric. · The IRF settings are correct. For more information, see the IRF configuration guide for the device.

STP messages

This section contains STP messages.

STP_BPDU_PROTECTION

Message text	BPDU-Protection port [STRING] received BPDUs.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_BPDU_PROTECTION: BPDU-Protection port Ethernet1/0/4 received BPDUs.
Explanation	A BPDU-guard-enabled port received BPDUs.
Recommended action	Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices.

STP_BPDU_RECEIVE_EXPIRY

Message text	Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	5
Example	STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet0/4/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Explanation	The state of a non-designated port changed because the port did not receive a BPDU within the max age.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_CONSISTENCY_RESTORATION

Message text	Consistency restored on VLAN [UINT32]'s port [STRING].
Variable fields	$1: VLAN ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet0/1/1.
Explanation	Port link type or PVID inconsistency was removed on a port.
Recommended action	No action is required.

STP_DETECTED_TC

Message text	[STRING] [UINT32]'s port [STRING] detected a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet0/1/1 detected a topology change.
Explanation	The MSTP instance or VLAN to which a port belongs had a topology change, and the local end detected the change.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_DISABLE

Message text	STP is now disabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_DISABLE: STP is now disabled on the device.
Explanation	STP was globally disabled on the device.
Recommended action	No action is required.

STP_DISCARDING

Message text	Instance [UINT32]'s port [STRING] has been set to discarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_DISCARDING: Instance 0's port Ethernet1/0/2 has been set to discarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the discarding state.
Recommended action	No action is required.

STP_ENABLE

Message text	STP is now enabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_ENABLE: STP is now enabled on the device.
Explanation	STP was globally enabled on the device.
Recommended action	No action is required.

STP_FORWARDING

Message text	Instance [UINT32]'s port [STRING] has been set to forwarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_FORWARDING: Instance 0's port Ethernet1/0/2 has been set to forwarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the forwarding state.
Recommended action	No action is required.

STP_LOOP_PROTECTION

Message text	Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port Ethernet1/0/2 failed to receive configuration BPDUs.
Explanation	A loop-guard-enabled port failed to receive configuration BPDUs.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_NOT_ROOT

Message text	The current switch is no longer the root of instance [UINT32].
Variable fields	$1: Instance ID.
Severity level	5
Example	STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0.
Explanation	The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

STP_NOTIFIED_TC

Message text	[STRING] [UINT32]'s port [STRING] was notified of a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet0/1/1 was notified of a topology change.
Explanation	The neighboring device on a port notified the current device that a topology change occurred in the instance or VLAN to which the port belongs.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_PORT_TYPE_INCONSISTENCY

Message text	Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port.
Variable fields	$1: Interface name. $2: VLAN ID.
Severity level	4
Example	STP/4/STP_PORT_TYPE_INCONSISTENCY: Access port GigabitEthernet0/1/1 in VLAN 10 received PVST BPDUs from a trunk or hybrid port.
Explanation	An access port received PVST BPDUs from a trunk or hybrid port.
Recommended action	Check the port link type setting on the ports.

STP_PVID_INCONSISTENCY

Message text	Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32].
Variable fields	$1: Interface name. $2: VLAN ID. $3: VLAN ID.
Severity level	4
Example	STP/4/STP_PVID_INCONSISTENCY: Port GigabitEthernet0/1/1 with PVID 10 received PVST BPDUs from a port with PVID 20.
Explanation	A port received PVST BPDUs from a remote port with a different PVID.
Recommended action	Verify that the PVID is consistent on both ports.

STP_PVST_BPDU_PROTECTION

Message text	PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_PVST_BPDU_PROTECTION: PVST BPDUs were received on port GigabitEthernet0/1/1, which is enabled with PVST BPDU protection.
Explanation	In MSTP mode, a port enabled with PVST BPDU guard received PVST BPDUs.
Recommended action	Identify the device that sends the PVST BPDUs.

STP_ROOT_PROTECTION

Message text	Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port Ethernet1/0/2 received superior BPDUs.
Explanation	A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

STP_STG_NUM_DETECTION

Message text	STG count [UINT32] is smaller than the MPU's STG count [UINT32].
Variable fields	$1: Number of STGs on a card. $2: Number of STGs on the MPU.
Severity level	4
Example	STP/4/STP_STG_NUM_DETECTION: STG count 64 is smaller than the MPU's STG count 65.
Explanation	The system detected that the STG count on a card was smaller than that on the MPU.
Recommended action	Make sure the number of spanning tree instances is not larger than the smallest card-specific STG count. For example, if the number of spanning tree instances is m and the smallest STG count among cards is n, m cannot be larger than n.

SYSEVENT

This section contains system event messages.

EVENT_TIMEOUT

Message text	Module [UINT32]'s processing for event [UINT32] timed out. Module [UINT32]'s processing for event [UINT32] on [STRING] timed out.
Variable fields	$1: Module ID. $2: Event ID. $3: MDC MDC-ID or Context Context-ID.
Severity level	6
Example	SYSEVENT/6/EVENT_TIMEOUT: -MDC=1; Module 0x1140000's processing for event 0x20000010 timed out. SYSEVENT/6/EVENT_TIMEOUT: -Context=1; Module 0x33c0000's processing for event 0x20000010 on context 16 timed out.
Explanation	A module's processing for an event timed out. Logs generated on the default MDC or context for the default MDC or context do not include the MDC MDC-ID or Context Context-ID. Logs generated on the default MDC or context for a non-default MDC or context include the MDC MDC-ID or Context Context-ID. Logs generated on a non-default MDC or context for the local MDC or context do not include the MDC MDC-ID or Context Context-ID.
Recommended action	No action is required.

SYSLOG messages

This section contains syslog messages.

ENCODING

Message text	Set the character set encoding to [STRING] for syslog messages.
Variable fields	$1: Character set encoding, which can be UTF-8 or GB18030.
Severity level	6
Example	SYSLOG/6/ENCODING: Set the character set encoding to UTF-8 for syslog messages.
Explanation	Set the character set encoding to UTF-8 for syslog messages.
Recommended action	For the user' login terminal to correctly display Chinese characters in log messages received from the information center, make sure the information center and the terminal use the same character set encoding.

SYSLOG_LOGBUFFER_FAILURE

Message text	Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGBUFFER_FAILURE: Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes.
Explanation	Failed to output logs to the logbuffer because of the communication timeout between syslog and DBM processes.
Recommended action	Contact H3C Support.

SYSLOG_LOGFILE_FULL

Message text	Log file space is full.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full.
Explanation	The log file space is full.
Recommended action	Back up the log file and remove it, and then bring up interfaces if needed.

SYSLOG_RESTART

Message text	System restarted -- [STRING] [STRING] Software.
Variable fields	$1: Company name. $2: Software name.
Severity level	6
Example	SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software
Explanation	A system restart log was created.
Recommended action	No action is required.

TAC messages

This section contains TAC messages.

LB_TAC_AUTH (fast log output)

Message text	User = STRING, MessageType = STRING, IP = STRING, URL = STRING, Result = STRING, Time = STRING
Variable fields	$1: Username. $2: Message type: ¡ AppAuth—Application authentication. ¡ ApiAuth—API authentication. $3: User IP address. $4: URL of the application or API. $5: Authentication result: ¡ AUTH_DENY—Access denied. ¡ AUTH_PERMIT—Access permitted. ¡ AUTH_REAUTH—Reauthentication required. $6: Authentication time.
Severity level	6
Example	H3C LB/6/ TAC_AUTH: User = admin, MessageType = AppAuth, IP = , URL = http://6.6.6.6:8080/, Result = AUTH_PERMIT, Time = 20200402154737
Explanation	This message is generated after an authentication operation is performed.
Recommended action	No action is required.

LB_TAC_NOTIFY_OFFLINE (fast log output)

Message text	MessageType = STRING, User = STRING, IP = STRING, Time = STRING
Variable fields	$1: Message type: ¡ AppUserOffline—An application user went offline. ¡ ApiUserOffline—An API user went offline. $1: Username. $3: User IP address. $4: Time when the user went offline.
Severity level	6
Example	H3C LB/6/ TAC_NOTIFY_OFFLINE: MessageType = ApiUserOffline, User = mAMz8WqXHtBa4R7slIbLNrEiYvuwecnf, IP = 10.1.1.1, Time = 20200401095819
Explanation	This message is generated when a user goes offline.
Recommended action	No action is required.

LB_TAC_NOTIFY_PERMISSIONUPDOWN (fast log output)

Message text	MessageType = STRING, User = STRING, IP = STRING, Time = STRING, UrlCnt = [UINT16], UrlList = { STRING, STRING,…}
Variable fields	$1: Message type: ¡ AppUserAccessPermitted—The permission of the application user changed to access permitted. ¡ ApiUserAccessPermitted—The permission of the API user changed to access permitted. ¡ AppUserAccessDenied—The permission of the application user changed to access denied. ¡ ApiUserAccessDenied—The permission of the API user changed to access denied. $1: Username. $3: User IP address. $4: Time when the permission changed. $5: Number of application or API URLs for the permission change $6: URL list.
Severity level	6
Example	H3C LB/6/ TAC_NOTIFY_PERMISSIONUPDOWN: MessageType = ApiUserAccessDenied, User = user1, IP = 10.1.1.1, Time = 20200401095819, UrlCnt = 2, UrlList = {http://2.0.0.2:8080/spg_api/app1_api1,http://2.0.0.2:8080/spg_api/app2_api2,}
Explanation	This message is generated when the permission of a user changes.
Recommended action	No action is required.

TACACS messages

This section contains TACACS messages.

TACACS_ACCT_SERVER_DOWN

Message text	TACACS accounting server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	4
Example	TACACS/4/TACACS_ACCT_SERVER_DOWN: TACACS accounting server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An accounting server became blocked.
Recommended action	1. Verify that the accounting server has started up. 2. Ping the accounting server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support.

TACACS_ACCT_SERVER_UP

Message text	TACACS accounting server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the accounting server. $2: Port number of the accounting server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	6
Example	TACACS/6/TACACS_ACCT_SERVER_UP: TACACS accounting server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An accounting server became active.
Recommended action	No action is required.

TACACS_AUTH_FAILURE

Message text	User [STRING] at [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	TACACS/5/TACACS_AUTH_FAILURE: User cwf@system at 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the TACACS server.
Recommended action	No action is required.

TACACS_AUTH_SERVER_DOWN

Message text	TACACS authentication server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	4
Example	TACACS/4/TACACS_AUTH_SERVER_DOWN: TACACS authentication server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An authentication server became blocked.
Recommended action	1. Verify that the authentication server has started up. 2. Ping the authentication server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support.

TACACS_AUTH_SERVER_UP

Message text	TACACS authentication server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the authentication server. $2: Port number of the authentication server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	6
Example	TACACS/6/TACACS_AUTH_SERVER_UP: TACACS authentication server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An authentication server became active.
Recommended action	No action is required.

TACACS_AUTH_SUCCESS

Message text	User [STRING] at [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system at 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the TACACS server.
Recommended action	No action is required.

TACACS_AUTHOR_SERVER_DOWN

Message text	TACACS authorization server was blocked: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the authorization server. $2: Port number of the authorization server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	4
Example	TACACS/4/TACACS_AUTHOR_SERVER_DOWN: TACACS authorization server was blocked: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An authorization server became blocked.
Recommended action	1. Verify that the authorization server has started up. 2. Ping the authorization server to verify that the server is reachable. If the server is not reachable, check the link for connectivity issues and resolve the issues. 3. Collect logs and diagnostic logs, and then contact H3C Support.

TACACS_AUTHOR_SERVER_UP

Message text	TACACS authorization server became active: Server IP=[STRING], port=[UINT32], VPN instance=[STRING].
Variable fields	$1: IP address of the authorization server. $2: Port number of the authorization server. $3: VPN instance name. This field displays public if the server belongs to the public network.
Severity level	6
Example	TACACS/6/TACACS_AUTHOR_SERVER_UP: TACACS authorization server became active: Server IP=1.1.1.1, port=1812, VPN instance=public.
Explanation	An authorization server became active.
Recommended action	No action is required.

TACACS_REMOVE_SERVER_FAIL

Message text	Failed to remove servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	TACACS/4/TACACS_REMOVE_SERVER_FAIL: Failed to remove servers in scheme abc.
Explanation	Failed to remove servers from a TACACS scheme.
Recommended action	No action is required.

TCSM

This section contains Trusted Computing Services Management (TCSM) messages.

TCSM_CERT_BROKEN

Message text	Certificate [STRING] is missing or corrupted.
Variable fields	$1: Certificate name.
Severity level	3
Example	TCSM/3/TCSM_CERT_BROKEN: Certificate ak1-cert is missing or corrupted.
Explanation	A certificate stored in a storage medium is lost or corrupted.
Recommended action	· If the certificate is user defined, perform the following tasks: a. Replace the storage medium. b. From the manager, sign a new certificate for the TCSM key of the device. · If the certificate is system defined, contact H3C Support.

TCSM_KEY_BROKEN

Message text	Key [STRING] is corrupted or missing.
Variable fields	$1: Key name.
Severity level	3
Example	TCSM/3/TCSM_KEY_BROKEN: Key abc is corrupted or missing.
Explanation	A key file stored in a storage medium is lost or corrupted.
Recommended action	· If the key is user defined, perform the following tasks: a. Use the key destroy command to destroy the key. b. As a best practice, replace the storage medium. · If the key is system defined, contact H3C Support.

TCSM_KEY_HIERARCHY_BROKEN

Message text	Key hierarchy of [STRING] is corrupted.
Variable fields	$1: Key name
Severity level	3
Example	TCSM/3/TCSM_KEY_HIERARCHY_BROKEN: Key hierarchy of abc is corrupted.
Explanation	An upper-level key of the specified key is corrupted.
Recommended action	1. Use the key destroy command to destroy the specified key and its upper-level keys. 2. As a best practice, replace the storage medium.

TCSM_TSS_SVC_DOWN

Message text	TSS service is down.
Variable fields	N/A
Severity level	3
Example	TCSM/3/TCSM_TSS_SVC_DOWN: TSS service is down.
Explanation	The TPM software stack process is down.
Recommended action	Contact H3C Support.

TCSM_TSS_SVC_UP

Message text	TSS service is up.
Variable fields	N/A
Severity level	5
Example	TCSM/5/TCSM_TSS_SVC_DOWN: TSS service is up.
Explanation	The TPM software stack process is up.
Recommended action	No action is required.

TELNETD messages

This section contains Telnet daemon messages.

TELNETD_ACL_DENY

Message text	The Telnet Connection request from [IPADDR]([STRING]) was denied by ACL rule (rule ID=[INT32])
Variable fields	$1: IP address of the Telnet client. $2: VPN instance to which the Telnet client belongs. $3: ID of the rule that denied the Telnet client. If a Telnet client does not match created ACL rules, the device denies the client based on the default ACL rule.
Severity level	5
Example	TELNETD/5/TELNETD_ACL_DENY:The Telnet connection request from 181.1.1.10 was denied by ACL rule (rule ID=20). TELNETD/5/TELNETD_ACL_DENY:The Telnet connection request from 181.1.1.10 was denied by ACL rule (default rule).
Explanation	Telnet login control ACLs control which Telnet clients can access the Telnet service on the device. The device sends this log message when it denies a Telnet client.
Recommended action	No action is required.

TELNETD_REACH_SESSION_LIMIT

Message text	Telnet client $1 failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device.
Severity level	6
Example	TELNETD/6/TELNETD_REACH_SESSION_LIMIT: Telnet client 1.1.1.1 failed to log in. The current number of Telnet sessions is 10. The maximum number allowed is (10).
Explanation	The number of Telnet connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

TERMINAL messages

This section contains terminal identification messages through fast log output.

TERMINAL_CHANGED_LOG_IP

Message text	IPAddr(1145)=[IPADDR];PhyInterface(1148)=[STRING];OldMAC(1147)=[STRING];NewMAC(1168)=[STRING];OldVendor(1149)=[STRING];NewVendor(1150)=[STRING];OldType(1151)=[STRING];NewType(1152)=[STRING];OldModel(1153)=[STRING];NewModel(1154)=[STRING];OldSerialNum(1155)=[STRING];NewSerialNum(1156)=[STRING];OldTrmlID(1157)=[UINT32];NewTrmlID(1169)=[UINT32];
Variable fields	$1: Terminal IPv4 address. $2: Physical interface for terminal access. $3: Old terminal MAC address. $4: New terminal MAC address. $5: Old vendor. $6: New vendor. $7: Old type. $8: New type. $9: Old model. $10: New model. $11: Old serial number. $12: New serial number. $13: Old vendor ID. $14: New vendor ID.
Severity level	4
Example	TERMINAL/4/TERMINAL_CHANGED_LOG_IP:IPAddr(1145)=1.1.1.1;PhyInterface(1148)=g2/0/0;OldMAC(1147)=0800-2786-a375;NewMAC(1168)=0800-2786-a376;OldVendor(1149)=DAHUA;NewVendor(1150)=HIKVISION;OldType(1151)=camera;NewType(1152)=camera;OldModel(1153)=DH-ITC2013;NewModel(1154)=DS-2CD3;OldSerialNum(1155)=1122;NewSerialNum(1156)=2233;OldTrmlID(1157)=123456;NewTrmlID(1169)=123457;
Explanation	The device generates and sends a log when it detects a terminal information change. Then the device keeps silence for one minute and does not send any log even it detects information changes of this terminal. When the one minute silence timer elapses, the device again can send logs for another information change of this terminal.
Recommended action	No action is required.

TERMINAL_CHANGED_LOG_IPV6

Message text	IPv6Addr(1146)=[IPADDR];PhyInterface(1148)=[STRING];OldMAC(1147)=[STRING];NewMAC(1168)=[STRING];OldVendor(1149)=[STRING];NewVendor(1150)=[STRING];OldType(1151)=[STRING];NewType(1152)=[STRING];OldModel(1153)=[STRING];NewModel(1154)=[STRING];OldSerialNum(1155)=[STRING];NewSerialNum(1156)=[STRING];OldTrmlID(1157)=[UINT32];NewTrmlID(1169)=[UINT32];
Variable fields	$1: Terminal IPv6 address. $2: Physical interface for terminal access. $3: Old terminal MAC address. $4: New terminal MAC address. $5: Old vendor. $6: New vendor. $7: Old type. $8: New type. $9: Old model. $10: New model. $11: Old serial number. $12: New serial number. $13: Old vendor ID. $14: New vendor ID.
Severity level	4
Example	TERMINAL/4/TERMINAL_CHANGED_LOG_IPV6:IPv6Addr(1146)=2001::1;PhyInterface(1148)=g2/0/0;OldMAC(1147)=0800-2786-a375;NewMAC(1168)=0800-2786-a376;OldVendor(1149)=DAHUA;NewVendor(1150)=HIKVISION;OldType(1151)=camera;NewType(1152)=camera;OldModel(1153)=DH-ITC2013;NewModel(1154)=DS-2CD3;OldSerialNum(1155)=1122;NewSerialNum(1156)=2233;OldTrmlID(1157)=123456;NewTrmlID(1169)=123457;
Explanation	The device generates and sends a log when it detects a terminal information change. Then the device keeps silence for one minute and does not send any log even it detects information changes of this terminal. When the one minute silence timer elapses, the device again can send logs for another information change of this terminal.
Recommended action	No action is required.

TRILL messages

This section contains TRILL messages.

TRILL_DUP_SYSTEMID

Message text	Duplicate system ID [STRING] in [STRING] PDU sourced from RBridge 0x[HEX].
Variable fields	$1: System ID. $2: PDU type. $3: Source RBridge's nickname.
Severity level	5
Example	TRILL/5/TRILL_DUP_SYSTEMID: Duplicate system ID 0011.2200.1501 in LSP PDU sourced from RBridge 0xc758.
Explanation	The local RBridge received an LSP or IIH PDU that has the same system ID as the local RBridge. The possible reasons include: · The same system ID is assigned to the local RBridge and the remote RBridge. · The local RBridge received a self-generated LSP PDU with an old nickname.
Recommended action	Please check the RBridge system IDs on the campus network.

TRILL_INTF_CAPABILITY

Message text	The interface [STRING] does not support TRILL.
Variable fields	$1: Interface name.
Severity level	4
Example	TRILL/4/TRILL_INTF_CAPABILITY: The interface GigabitEthernet0/1/3 does not support TRILL.
Explanation	An interface that does not support TRILL is assigned to a link aggregation group.
Recommended action	Remove the interface that does not support TRILL from the link aggregation group.

TRILL_LICENSE_EXPIRED

Message text	The TRILL feature is being disabled, because its license has expired.
Variable fields	N/A
Severity level	5
Example	TRILL/5/TRILL_LICENSE_EXPIRED: The TRILL feature is being disabled, because its license has expired.
Explanation	The TRILL license has expired.
Recommended action	Check the TRILL license.

TRILL_MEM_ALERT

Message text	TRILL process receive system memory alert [STRING] event.
Variable fields	$1: Type of the memory alert event.
Severity level	5
Example	TRILL/5/TRILL_MEM_ALERT: TRILL process receive system memory alert start event.
Explanation	TRILL receives a memory alert event from the system.
Recommended action	Check the system memory.

TRILL_NBR_CHG

Message text	TRILL [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING].
Variable fields	$1: TRILL process ID. $2: Neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Current neighbor state: ¡ up—The neighbor has been established, and can operate correctly. ¡ initializing—The neighbor is being initialized. ¡ down—The neighbor is down.
Severity level	5
Example	TRILL/5/TRILL_NBR_CHG: TRILL 1, Level-1 adjacency 0011.2200.1501 (GigabitEthernet0/1/3), state changed to down.
Explanation	The state of a TRILL neighbor changed.
Recommended action	When the neighbor state changed to down or initializing, please check the TRILL configuration and network status according to the reason for the neighbor state change.

TRILL_NO_LICENSE

Message text	The TRILL feature has no license.
Variable fields	N/A
Severity level	5
Example	TRILL/5/TRILL_NO_LICENSE: The TRILL feature has no license.
Explanation	The TRILL feature has no license.
Recommended action	Install a valid license for TRILL.

UFLT messages

This section contains URL filtering messages.

UFLT_MATCH_IPV4_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. $5: URL filtering policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Name of the identity user. $13: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Fashion&Beauty;PolicyName(1079)=policy1;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;Action(1053)=Drop;
Explanation	An IPv4 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_MATCH_IPV6_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. $5: URL filtering policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Fashion&Beauty;PolicyName(1079)=policy1;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;Action(1053)=Drop;
Explanation	An IPv6 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_NOT_MATCH_IPV4_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. This field displays Unknown if no matching URL category is found for the packet. $5: URL filtering policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Unknown;PolicyName(1079)=policy1;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;Action(1053)=Drop;
Explanation	No matching URL filtering rule was found for an IPv4 packet.
Recommended action	No action is required.

UFLT_NOT_MATCH_IPV6_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. $5: URL filtering policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Unknown;PolicyName(1079)=policy1;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;Action(1053)=Drop;
Explanation	No matching URL filtering rule was found for an IPv6 packet.
Recommended action	No action is required.

UFLT_MATCH_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];URLParentCategory(1128)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IP address. $6: Source port number. $7: Source IP address after NAT. $8: Source port number after NAT. $9: Destination IP address. $10: Destination port number. $11: Destination IP address after NAT. $12: Destination port number after NAT. $13: Source security zone. $14: Destination security zone. $15: URL filtering policy name. $16: Parent URL category name. $17: Child URL category name. $18: URL content. $19: Access time. $20: Client type. This field is not supported in the current software version. $21: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPAddr(1003)=112.1.1.2;SrcPort(1004)=3887;NATSrcIPAddr(1005)=112.1.1.2;NATSrcPort(1006)=3887;DstIPAddr(1007)=114.1.1.2;DstPort(1008)=80;NATDstIPAddr(1009)=114.1.1.2;NATDstPort(1010)=80;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLParentCategory(1128)=SearchEngines&Portals;URLCategory(1094)=SearchEngines&Portals;URL(1093)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;VistTime(1114)=1480688515;Client(1110)=;Action(1053)=Permit;
Explanation	An IPv4 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_MATCH_IPV6_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];URLParentCategory(1128)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING]; Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IPv6 address. $6: Source port number. $7: Destination IPv6 address. $8: Destination port number. $9: Source security zone. $10: Destination security zone. $11: URL filtering policy name. $12: Parent URL category name. $13: Child URL category name. $14: URL content. $15: Access time. $16: Client type. This field is not supported in the current software version. $17: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLParentCategory(1128)=SearchEngines&Portals;URLCategory(1094)=SearchEngines&Portals;URL(1093)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;VistTime(1114)=1480688515;Client(1110)=;Action(1053)=Permit;
Explanation	An IPv6 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_NOT_MATCH_IPV4_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];URLParentCategory(1128)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IP address. $6: Source port number. $7: Source IP address after NAT. $8: Source port number after NAT. $9: Destination IP address. $10: Destination port number. $11: Destination IP address after NAT. $12: Destination port number after NAT. $13: Source security zone. $14: Destination security zone. $15: URL filtering policy name. $16: Parent URL category name. If no parent URL category is matched, the field displays a hyphen (-). $17: Child URL category name. If no child URL category is matched, the field displays Unknown. $18: URL content. $19: Access time. $20: Client type. This field is not supported in the current software version. $21: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPAddr(1003)=112.1.1.2;SrcPort(1004)=3887;NATSrcIPAddr(1005)=112.1.1.2;NATSrcPort(1006)=3887;DstIPAddr(1007)=114.1.1.2;DstPort(1008)=80;NATDstIPAddr(1009)=114.1.1.2;NATDstPort(1010)=80;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLParentCategory(1128)=-;URLCategory(1094)=Unknown;URL(1093)=news.sohu.com/upload/itoolbar/index/toolbar_bg_130315.gif;VistTime(1114)=1480691551;Client(1110)=;Action(1053)=Permit;
Explanation	No matching URL filtering rule was found for an IPv4 packet.
Recommended action	No action is required.

UFLT_NOT_MATCH_IPV6_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING]; PolicyName(1079)=[STRING];URLParentCategory(1128)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING]; Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IPv6 address. $6: Source port number. $7: Destination IPv6 address. $8: Destination port number. $9: Source security zone. $10: Destination security zone. $11: URL filtering policy name. $12: Parent URL category name. If no parent URL category is matched, the field displays a hyphen (-). $13: Child URL category name. If no child URL category is matched, the field displays Unknown. $14: URL content. $15: Access time. $16: Client type. This field is not supported in the current software version. $17: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLParentCategory(1128)=-;URLCategory(1094)=Unknown;URL(1093)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;VistTime(1114)=1480688515;Client(1110)=;Action(1053)=Permit;
Explanation	No matching URL filtering rule was found for an IPv6 packet.
Recommended action	No action is required.

UFLT_WARNING (syslog)

Message text	Updated the URL filtering signature library successfully.
Variable fields	N/A
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; Updated the URL filtering signature library successfully.
Explanation	The URL filtering signature library was updated successfully through a manual offline update or triggered online update.
Recommended action	No action is required.

UFLT_WARNING (syslog)

Message text	Rolled back the URL filtering signature library successfully.
Variable fields	N/A
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; Rolled back the URL filtering signature library successfully.
Explanation	The URL filtering signature library was rolled back to the previous or factory default version successfully.
Recommended action	No action is required.

UFLT_WARNING (syslog)

Message text	No available license to update URL signature.
Variable fields	N/A
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; No available license to update URL signature.
Explanation	Failed to update the URL filtering signature library because no license is available.
Recommended action	No action is required.

UFLT_WARNING (syslog)

Message text	The signature library version is not compatible with the software version. Please use a compatible signature library version on the device.
Variable fields	N/A
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; The signature library version is not compatible with the software version. Please use a compatible signature library version on the device.
Explanation	Failed to update the URL filtering signature library because the signature library version is not compatible with the software version.
Recommended action	No action is required.

UFLT_WARNING (syslog)

Message text	Failed to update signature package in phase [STRING].
Variable fields	$1: Update phase: · DOWNLOAD—Signature file download phase. · GETURLFILE—The system obtains the signature file path. · PREPARE—Signature library preparation phase. · PARSE—Signature library parsing phase. · UNKNOWN—Unknown.
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; Failed to update signature package in phase DOWNLOAD.
Explanation	Failed to update the URL filtering signature library in a specific phase.
Recommended action	No action is required.

UFLT_WARNING (syslog)

Message text	uflt Copy SigPack file failed because flash is not enough.
Variable fields	N/A
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; uflt Copy SigPack file failed because flash is not enough.
Explanation	Failed to update the URL filtering signature library because the storage space is insufficient.
Recommended action	No action is required.

VLAN messages

This section contains VLAN messages.

VLAN_FAILED

Message text	Failed to add interface [STRING] to the default VLAN.
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_FAILED: Failed to add interface S-Channel4/2/0/19:100 to the default VLAN.
Explanation	An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN.
Recommended action	No action is required.

VLAN_VLANMAPPING_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on GigabitEthernet1/0/1.
Explanation	Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VLAN_VLANSTRIP_REG_DIFF_CONFIG

Message text	The value of the vlan-strip register is different from the configuration on interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	VLAN/3/VLAN_VLANSTRIP_REG_DIFF_CONFIG: The value of the vlan-strip register is different from the configuration on interface GigabitEthernet1/0/1.
Explanation	The VLAN tag stripping configuration on an interface is different from the value of the vlan-strip register.
Recommended action	Check the operating environments of VMs and hosts, and configure VLAN tag stripping again.

VLAN_VLANTRANSPARENT_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on GigabitEthernet1/0/1.
Explanation	Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VRRP messages

This section contains VRRP messages.

VRRP_AUTH_FAILED

Message text	Authentication failed in [STRING] virtual router [UINT32] (configured on [STRING]): [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Error information details.
Severity level	6
Example	VRRP/6/VRRP_AUTH_FAILED: Authentication failed in IPv4 virtual router 10 (configured on Ethernet0/0): Authentication type mismatch.
Explanation	A VRRP packet was received, but did not pass the authentication examination.
Recommended action	Check the configuration of the VRRP group on the specified interface. Make sure every router in the VRRP group uses the same authentication mode and authentication key.

VRRP_CONFIG_ERROR

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) detected a VRRP configuration error: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where VRRP group is configured. $4: Error information details.
Severity level	6
Example	VRRP/6/VRRP_CONFIG_ERROR: The IPv4 virtual router 10 (configured on Ethernet0/0) detected a VRRP configuration error: Virtual IP address count mismatch.
Explanation	The VRRP group configuration is not correct. For example, the virtual IP address count of the VRRP group is not the same on the members.
Recommended action	Check the VRRP group configuration on the specified interface. Make sure every member in the VRRP group uses the same configuration.

VRRP_PACKET_ERROR

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) received an error packet: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Interface where the VRRP group is configured. $4: Error information details.
Severity level	6
Example	VRRP/6/VRRP_PACKET_ERROR: The IPv4 virtual router 10 (configured on Ethernet0/0) received an error packet: CKSUM error.
Explanation	The VRRP group received an invalid VRRP packet. For example, the checksum was not correct.
Recommended action	Check the VRRP group configuration on the specified interface.

VRRP_STATUS_CHANGE

Message text	The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: ¡ Interface event received—An interface event was received. ¡ IP address deleted—The virtual IP address has been deleted. ¡ The status of the tracked object changed—The status of the associated track entry changed. ¡ VRRP packet received—A VRRP advertisement was received. ¡ Current device has changed to IP address owner—The current device has become the IP address owner. ¡ Master-down-timer expired—The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. ¡ Zero priority packet received—A VRRP packet containing priority 0 was received. ¡ Preempt—Preemption occurred.
Severity level	6
Example	VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed (from Backup to Master): Master-down-timer expired.
Explanation	The VRRP group status changed because of the following reasons: · An interface event was received. · The virtual IP address has been deleted. · The status of the associated track entry changed. · A VRRP advertisement was received. · The current device has become the IP address owner. · The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · A VRRP packet containing priority 0 was received. · Preemption occurred.
Recommended action	Check the VRRP group status to make sure it is operating correctly.

VRRP_VF_STATUS_CHANGE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. $6: Current status of VF. $7: Reason for the status change.
Severity level	6
Example	VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed.
Explanation	The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down.
Recommended action	Check the status of the track entry.

VRRP_VIP_INEFFECTIVE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual IP address [STRING]. Reason: [STRING].
Variable fields	$1: Network protocol type. The value is IPv4 or IPv6. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Virtual IP address of the VRRP group. $5: Reason for failure to add the virtual IP address. ¡ Address conflict—The virtual IP or network address has been assigned to an interface on the device. ¡ Invalid address or mask (prefix). ¡ Other reason.
Severity level	3
Example	VRRP/3/VRRP_VIP_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual IP address 201.0.0.1/10. Reason: Address conflict.
Explanation	The virtual router failed to add a virtual IP address.
Recommended action	Check the configuration according to the failure reason, and modify the IP address or mask (prefix) .

VRRP_VMAC_INEFFECTIVE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Reason for the error.
Severity level	3
Example	VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources.
Explanation	The virtual router failed to add a virtual MAC address.
Recommended action	Find out the root cause for the operation failure and fix the problem.

VSRP messages

This section contains VSRP messages.

VSRP_BIND_FAILED

Message text	Failed to bind the IP addresses and the port on VSRP peer [STRING].
Variable fields	$1: VSRP peer name.
Severity level	6
Example	VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa.
Explanation	Failed to bind the IP addresses and the port when creating a TCP connection to the VSRP peer because the TCP port is in use.
Recommended action	No action is required.

VSYS messages

This section contains vSystem messages.

VSYS_PKT_DROP

Message text	Dropped [UINT] packets of vsystem [UINT] because the throughput threshold was reached.
Variable fields	$1: Number of packets dropped on the vSystem. $2: vSystem ID.
Severity level	6
Example	VSYS/6/VSYS_PKT_DROP: Dropped 7500 packets of vsystem 2 because the throughput threshold was reached.
Explanation	Packets were dropped on a vSystem because the used throughput of the vSystem reached the throughput threshold.
Recommended action	Adjust the throughput threshold for the vSystem as needed.

VSYS_PKT_RECOVER

Message text	Stopped dropping packets of vsystem [UINT].
Variable fields	$1: vSystem ID.
Severity level	6
Example	VSYS/6/VSYS_PKT_RECOVER: Stopped dropping packets of vSystem 2.
Explanation	A vSystem stopped dropping packets.
Recommended action	No action is required.

VSYS_THRESHOLD_RECOVER

Message text	The throughput usage of vsystem [UINT] dropped to [UINT]%, which is less than the alarm threshold [UINT]; current throughput is [UINT] kbps/pps, throughput threshold is [UINT] kbps/pps.
Variable fields	$1: vSystem ID. $2: Ratio of the current throughput to the throughput threshold. $3: Throughput alarm threshold. $4: Current throughput. $5: Throughput threshold.
Severity level	6
Example	VSYS/6/VSYS_THRESHOLD_RECOVER: The throughput usage of vsystem 2 dropped to 75%, which is less than the alarm threshold 80%; current throughput is 7500 kbps, throughput threshold is 10000 kbps.
Explanation	The ratio of the current throughput to the throughput threshold dropped below the alarm threshold for a vSystem.
Recommended action	No action is required.

VSYS_THRESHOLD_WARN

Message text	The throughput usage of vsystem [UINT] reached [UINT]%, which exceeds the alarm threshold [UINT]%; current throughput is [UINT] kbps/pps, throughput threshold is [UINT] kbps/pps.
Variable fields	$1: vSystem ID. $2: Ratio of the current throughput to the throughput threshold. $3: Throughput alarm threshold. $4: Current throughput. $5: Throughput threshold.
Severity level	6
Example	VSYS/6/VSYS_THRESHOLD_WARN: The throughput usage of vSystem 2 reached 85%, which exceeds the alarm threshold 80%; current throughput is 8500 kbps, throughput threshold is 10000 kbps.
Explanation	The ratio of the current throughput to the throughput threshold exceeded the alarm threshold for a vSystem.
Recommended action	Adjust the throughput threshold as needed.

VXLAN messages

This section contains VXLAN messages.

VXLAN_LICENSE_UNAVAILABLE

Message text	The VXLAN feature is disabled, because no licenses are valid.
Variable fields	N/A
Severity level	3
Example	VXLAN/3/VXLAN_LICENSE_UNAVAILABLE: The VXLAN feature is disabled, because no licenses are valid.
Explanation	VXLAN was disabled because no licenses were valid.
Recommended action	Install valid licenses for VXLAN.

WAF messages

This section contains WAF messages through fast log output and syslog output.

WAF_IPV4_INTERZONE (fast log)

Message text	Protocol(1001)=[STRING]; Application(1002)=[STRING]; SrcIPAddr(1003)=[IPADDR]; SrcPort(1004)=[UINT16]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1042)=[STRING]; SrcZoneName(1025)=[STRING]; DstZoneName(1035)=[STRING]; UserName(1113)=[STRING]; PolicyName(1079)=[STRING]; AttackName(1088)=[STRING]; AttackID(1089)=[UINT32]; Category(1090)=[STRING]; Protection(1091)=[STRING]; SubProtection(1092)=[STRING]; Severity(1087)=[STRING]; Action(1053)=[STRING]; CVE(1075)=[STRING]; BID(1076)=[STRING]; MSB(1077)=[STRING]; HitDirection(1115)=[STRING]; RealSrcIP(1100)=[STRING]; SubCategory(1124)=[STRING]; InspectEngine(1182)=[STRING]; CapturePktName(1116)=[STRING]; SrcMacAddr(1021)=[STRING]; DstMacAddr(1022)=[STRING]; SrcLocation(1209)=[STRING]; HttpHost(1117)=[STRING]; HttpUserAgent(1210)=[STRING]; URL(1093)=[STRING]; HttpMethod(1206)=[STRING]; StatusCode(1167)=[STRING]; PayLoad(1135)=[STRING]; HttpRequestHeader(1207)=[SRTING]; HttpBody(1208)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: ¡ INVALID: Severity level not specified. ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $18: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Drop. ¡ Reset. ¡ Permit. ¡ Redirect. ¡ Capture. ¡ Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins (MSB). $22: Packet direction: ¡ original. ¡ reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Inspection engine: ¡ signature-library—Uses signatures to detect attacks. ¡ semantic-analysis—Uses semantic analysis to detect attacks. $26: Capture file name. $27: Source MAC address. $28: Destination MAC address. $29: Attack area. $30: Host name of the request. $31: Proxy information (Typically, client browser information). $32: Request URL. $33: Request method. $34: Response status code. $35: Overload information. $36: Request header. $37: Request body.
Severity level	4
Example	WAF/4/WAF_IPV4_INTERZONE:-Context=1; Protocol(1001)=TCP; Application(1002)=http; SrcIPAddr(1003)=100.10.10.40; SrcPort(1004)=2999; DstIPAddr(1007)=200.10.10.40; DstPort(1008)=80; RcvVPNInstance(1042)=; SrcZoneName(1025)=spf; DstZoneName(1035)=spf; UserName(1113)=abc; PolicyName(1079)=waf; AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET; AttackID(1089)=5707; Category(1090)=Other; Protection(1091)=Other; SubProtection(1092)=Other; Severity(1087)=CRITICAL; Action(1053)=Reset & Logging; CVE(1075)=CVE-2014-6277 \| CVE-2014-6278; BID(1076)=BID-22559; MSB(1077)=MS10-017; HitDirection(1115)=original; RealSrcIP(1100)=10.10.10.10,20.20.20.20; SubCategory(1124)=Other; InspectEngine(1182)=signature-library; CapturePktName(1116)=; SrcMacAddr(1021)=021a-c501-0000; DstMacAddr(1022)=021a-c502-0000; SrcLocation(1209)=中国-河南-郑州 ; HttpHost(1117)=3.3.4.10; HttpUserAgent(1210)=Cricket-A310/1.0 UP.Browser/6.3.0.7 (GUI) MMP/2.0; URL(1093)=3.3.4.10/1download/Repro.dvr-ms; HttpMethod(1206)=GET ; StatusCode(1167)=HTTP/1.1 200 OK; PayLoad(1135)=POST/YWWboLftTVobA.xml HTTP/1.1\0d\0aHost: 3.3.4.10\0d\0aContent-Type: text/xml\0d\0aContent-Length; HttpRequestHeader(1207)=Host: 58.2.3.122User-Agent: Cricket-A310/1.0 UP.Browser/6.3.0.7 (GUI) MMP/2.0Accept: /Connection: keep-aliveContent-Length: 9245; HttpBody(1208)=;
Explanation	This message is sent when a WAF attack is detected in an IPv4 packet.
Recommended action	No action is required.

WAF_IPV6_INTERZONE (fast log)

Message text	Protocol(1001)=[STRING]; Application(1002)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; SrcPort(1004)=[UINT16]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1042)=-[ STRING]; SrcZoneName(1025)=[STRING]; DstZoneName(1035)=[STRING]; UserName(1113)=[STRING]; PolicyName(1079)=[STRING]; AttackName(1088)=[STRING]; AttackID(1089)=[UINT32]; Category(1090)=[STRING]; Protection(1091)=[STRING]; SubProtection(1092)=[STRING]; Severity(1087)=[STRING]; Action(1053)=[STRING]; CVE(1075)=[STRING]; BID(1076)=[STRING]; MSB(1077)=[STRING]; HitDirection(1115)=[STRING]; RealSrcIP(1100)=[STRING]; SubCategory(1124)=[STRING]; InspectEngine(1182)=[STRING]; CapturePktName(1116)=[STRING]; SrcMacAddr(1021)=[STRING]; DstMacAddr(1022)=[STRING]; SrcLocation(1209)=[STRING]; HttpHost(1117)=[STRING]; HttpUserAgent(1210)=[STRING]; URL(1093)=[STRING]; HttpMethod(1206)=[STRING]; StatusCode(1167)=[STRING]; PayLoad(1135)=[STRING]; HttpRequestHeader(1207)=[SRTING]; HttpBody(1208)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IPv6 address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: ¡ INVALID: Severity level not specified. ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $18: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Drop. ¡ Reset. ¡ Permit. ¡ Redirect. ¡ Capture. ¡ Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins ( MSB). $22: Packet direction: ¡ original. ¡ reply. $23: Original source IP address of the packet. $24: Attack subcategory. $25: Inspection engine: ¡ signature-library—Uses signatures to detect attacks. ¡ semantic-analysis—Uses semantic analysis to detect attacks. $26: Capture file name. $27: Source MAC address. $28: Destination MAC address. $29: Attack area. $30: Host name of the request. $31: Proxy information (Typically, client browser information). $32: Request URL. $33: Request method. $34: Response status code. $35: Overload information. $36: Request header. $37: Request body.
Severity level	4
Example	WAF/4/WAF_IPV6_INTERZONE:-Context=1; Protocol(1001)=TCP; Application(1002)=http; SrcIPv6Addr(1036)=100::40; SrcPort(1004)=2999; DstIPv6Addr(1037)=200::40; DstPort(1008)=80; RcvVPNInstance(1042)=; SrcZoneName(1025)=spf; DstZoneName(1035)=spf; UserName(1113)=aaa; PolicyName(1079)=waf; AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET; AttackID(1089)=5707; Category(1090)=Other; Protection(1091)=Other; SubProtection(1092)=Other; Severity(1087)=CRITICAL; Action(1053)=Reset & Logging; CVE(1075)=CVE-2014-6277 \| CVE-2014-6278; BID(1076)=BID-22559; MSB(1077)=MS10-017; HitDirection(1115)=reply; RealSrcIP(1100)=10::1; SubCategory(1124)=Other; InspectEngine(1182)=semantic-analysis; CapturePktName(1116)=; SrcMacAddr(1021)=021a-c501-0000; DstMacAddr(1022)=021a-c502-0000; SrcLocation(1209)=中国-河南-郑州 ; HttpHost(1117)=3.3.4.10; HttpUserAgent(1210)=Cricket-A310/1.0 UP.Browser/6.3.0.7 (GUI) MMP/2.0; URL(1093)=3.3.4.10/1download/Repro.dvr-ms; HttpMethod(1206)=GET ; StatusCode(1167)=HTTP/1.1 200 OK; PayLoad(1135)=POST/YWWboLftTVobA.xml HTTP/1.1\0d\0aHost: 3.3.4.10\0d\0aContent-Type: text/xml\0d\0aContent-Length; HttpRequestHeader(1207)=Host: 58.2.3.122User-Agent: Cricket-A310/1.0 UP.Browser/6.3.0.7 (GUI) MMP/2.0Accept: /Connection: keep-aliveContent-Length: 9245; HttpBody(1208)=;
Explanation	This message is sent when a WAF attack is detected in an IPv6 packet.
Recommended action	No action is required.

WAF_WARNING (syslog)

Message text	Updated the WAF signature library successfully.
Variable fields	N/A
Severity level	4
Example	WAF/4/WAF_WARNING: -Context=1; Updated the WAF signature library successfully.
Explanation	The WAF signature library was updated successfully through either of the following methods: · Immediate online update. · Local update.
Recommended action	No action is required.

WAF_WARNING (syslog)

Message text	Rolled back the WAF signature library successfully.
Variable fields	N/A
Severity level	4
Example	WAF/4/WAF_WARNING: -Context=1; Rolled back the WAF signature library successfully.
Explanation	The WAF signature library was successfully rolled back to the previous version or the factory default version.
Recommended action	No action is required.

WAF_WARNING (syslog)

Message text	Failed to update the WAF signature library.
Variable fields	N/A
Severity level	4
Example	WAF/4/WAF_WARNING: -Context=1; Failed to update the WAF signature library.
Explanation	Failed to update the WAF signature library through one of the following methods: · Immediate online update. · Local update through the Web interface. · Scheduled online update.
Recommended action	No action is required.

WAF_WARNING (syslog)

Message text	Copy SigPack file failed because flash is not enough.
Variable fields	N/A
Severity level	4
Example	WAF/4/WAF_WARNING: -Context=1; Copy SigPack file failed because flash is not enough.
Explanation	Failed to update the WAF signature library because the flash does not have enough storage space.
Recommended action	No action is required.

WAF_WARNING (syslog)

Message text	Failed to update signature package in phase [STRING].
Variable fields	$1: Upgrade phase, which can be: · DOWNLOAD · GETURLFILE · PREPARE · PARSE · UNKNOWN
Severity level	4
Example	WAF/4/WAF_WARNING: -Context=1; Failed to update signature package in phase PARSE.
Explanation	Failed to update the WAF signature library in a specific phase.
Recommended action	No action is required.

WEB messages

This section contains Web messages.

LOGIN

Message text	[STRING] logged in from [STRING].
Variable fields	$1: Username of the user. $2: IP address of the user.
Severity level	5
Example	WEB/5/LOGIN: admin logged in from 127.0.0.1.
Explanation	A user logged in successfully.
Recommended action	No action is required.

LOGIN_FAILED

Message text	[STRING] failed to log in from [STRING].
Variable fields	$1: Username of the user. $2: IP address of the user.
Severity level	5
Example	WEB/5/LOGIN_FAILED: admin failed to log in from 127.0.0.1.
Explanation	A user failed to log in.
Recommended action	No action is required.

LOGOUT

Message text	[STRING] logged out from [STRING].
Variable fields	$1: Username of the user. $2: IP address of the user.
Severity level	5
Example	WEB/5/LOGOUT: admin logged out from 127.0.0.1.
Explanation	A user logged out successfully.
Recommended action	No action is required.

WEBCACHE messages

This section contains Web caching messages.

WEBCACHE_CHECK

Message text	Web caching is not available.Reason: The system is checking whether the Web cache directory is accessible. Please wait...
Variable fields	None
Severity level	4
Example	WEBCACHE/4/WEBCACHE_CHECK Web caching is not available. Reason: The system is checking whether the Web cache directory is accessible. Please wait...
Explanation	The Web caching feature was not available because the system was checking whether the Web cache directory was accessible.
Recommended action	Wait for the system to finish the check operation.

WEBCACHE_AVAILABLE

Message text	Web cache directory is accessible. Web caching is available now.
Variable fields	None
Severity level	6
Example	WEBCACHE/6/WEBCACHE_AVAILABLE: Web cache directory is accessible. Web caching is available now.
Explanation	The Web cache directory was accessible. The Web caching feature was available.
Recommended action	No action is required.

WEBCACHE_INAVAILABLE

Message text	Web caching is not available. Reason: The Web cache directory is not accessible.
Variable fields	None
Severity level	6
Example	WEBCACHE/6/WEBCACHE_INAVAILABLE: Web caching is not available. Reason: The Web cache directory is not accessible.
Explanation	Because the Web cache directory was not accessible, the Web caching feature was not available.
Recommended action	Use the file-directory command to specify a Web cache directory that is accessible.

WFF messages

This section contains WLAN fast forwarding (WFF) messages.

WFF_HARDWARE_INIT_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because initialization failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_INIT_FAILED: Firmware 0 was set to pass-through mode because initialization failed.
Explanation	The pass-through mode was set for the firmware because of firmware initialization failure.
Recommended action	No action is required.

WFF_HARDWARE_IPC_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because IPC check failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_IPC_FAILED: Firmware 0 was set to pass-through mode because IPC check failed.
Explanation	The pass-through mode was set for the firmware because of IPC check failure.
Recommended action	No action is required.

WFF_HARDWARE_LOOPBACK_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because loopback check failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_LOOPBACK_FAILED: Firmware 0 was set to pass-through mode because loopback check failed.
Explanation	The pass-through mode was set for the firmware because of loopback check failure.
Recommended action	No action is required.

WFF_HARDWARE_PCIE_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because PCIE check failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_LOOPBACK_FAILED: Firmware 0 was set to pass-through mode because PCIE check failed.
Explanation	The pass-through mode was set for the firmware because of a PCIE check failure.
Recommended action	No action is required.

WIPS messages

This section contains WIPS messages.

APFLOOD

Message text	-VSD=[STRING]; AP flood detected.
Variable fields	$1: VSD name.
Severity level	5
Example	WIPS/5/APFLOOD: -VSD=home; AP flood detected.
Explanation	The number of APs detected in the specified VSD reached the threshold.
Recommended action	Determine whether the device has suffered an attack.

AP_CHANNEL_CHANGE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Channel change detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/AP_CHANNEL_CHANGE: -VSD=home-SrcMAC=1122-3344-5566; Channel change detected.
Explanation	The channel of the specified AP changed.
Recommended action	Determine whether the channel change is valid.

ASSOCIATEOVERFLOW

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Association/Reassociation DoS attack detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/ASSOCIATEOVERFLOW: -VSD=home-SrcMAC=1122-3344-5566; Association/Reassociation DoS attack detected.
Explanation	The specified AP sent an association response with the status code 17.
Recommended action	Determine whether the AP has suffered an attack.

WIPS_DOS

Message text	-VSD=[STRING]; [STRING] rate attack detected.
Variable fields	$1: VSD name. $2: Device type: AP or client.
Severity level	5
Example	WIPS/5/WIPS_DOS: -VSD=home; AP rate attack detected.
Explanation	The number of device entries learned within the specified interval reached the threshold.
Recommended action	Determine whether the device suffers an attack.

WIPS_FLOOD

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] flood detected.
Variable fields	$1: VSD name. $2: Attacker's MAC address. $3: Flood attack type. Options include the following: · Association request · Authentication · Disassociation · Reassociation request · Deauthentication · Null data · Beacon · Probe request · BlockAck · CTS · RTS · EAPOL start
Severity level	5
Example	WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected.
Explanation	The number of a specific type of packets detected within the specified interval reached the threshold.
Recommended action	Determine whether the packet sender is an authorized device.

HONEYPOT

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Honeypot AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HONEYPOT: -VSD=home-SrcMAC=1122-3344-5566; Honeypot AP detected.
Explanation	The specified AP was detected as a honeypot AP.
Recommended action	Determine whether the device has suffered an attack.

HTGREENMODE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; HT-Greenfield AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HTGREENMODE: -VSD=home-SrcMAC=1122-3344-5566; HT-Greenfield AP detected.
Explanation	The specified AP was detected as an HT-greenfield AP.
Recommended action	Determine whether the device has suffered an attack.

WIPS_MALF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Error detected: [STRING].
Variable fields	$1: VSD name. $2: Sender's MAC address. $3: Malformed packet type. Options include the following: · invalid ie length—Invalid IE length. · duplicated ie—Duplicate IE. · redundant ie—Redundant IE. · invalid pkt length—Invalid packet length. · illegal ibss ess—Abnormal IBSS and ESS setting. · invalid source addr—Invalid source MAC address. · overflow eapol key—Oversized EAPOL key. · malf auth—Malformed authentication request frame. · malf assoc req—Malformed association request frame. · malf ht ie—Malformed HT IE. · large duration—Oversized duration. · null probe resp—Malformed probe response frame. · invalid deauth code—Invalid deauthentication code. · invalid disassoc code—Invalid disassociation code. · over flow ssid—Oversized SSID. · fata jack—FATA-Jack.
Severity level	5
Example	WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=1122-3344-5566; Error detected: fata jack.
Explanation	A malformed packet was detected.
Recommended action	Determine whether the packet sender is an authorized device.

MAN_IN_MIDDLE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Man-in-the-middle attack detected.
Variable fields	$1: VSD name. $2: MAC address of the client.
Severity level	5
Example	WIPS/5/MAN_IN_MIDDLE: -VSD=home-SrcMAC=1122-3344-5566; Man-in-the-middle attack detected.
Explanation	The specified client suffered a man-in-the-middle attack.
Recommended action	Determine whether the client has suffered a man-in-the-middle attack.

WIPS_ROGUE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Rogue AP detected by radio 1 of sensor [STRING] on channel 149 (RSSI=84).
Variable fields	$1: VSD name. $2: MAC address of the rogue AP.
Severity level	5
Example	WIPS/5/WIPS_ROGUE: -VSD=home-SrcMAC=1122-3344-5566; Rogue AP detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).
Explanation	A rogue AP was detected.
Recommended action	Enable WIPS to take countermeasures against rogue APs.

WIPS_SPOOF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] detected.
Variable fields	$1: VSD name. $2: MAC address of the device being spoofed. $3: Spoofing attack type. Options include the following: · AP spoofing AP—A fake AP spoofs an authorized AP. · AP spoofing client—A fake AP spoofs an authorized client. · AP spoofing ad-hoc—A fake AP spoofs an Ad hoc device. · Ad-hoc spoofing AP—An Ad hoc device spoofs an authorized AP. · Client spoofing AP—A client spoofs an authorized AP.
Severity level	5
Example	WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=1122-3344-5566; AP spoofing AP detected.
Explanation	A spoofing attack was detected.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_UNAUTH

Message text	-VSD=[STRING]-SrcMAC=[MAC];Unauthorized client detected by radio 1 of sensor [STRING] on channel 149 (RSSI=84).
Variable fields	$1: VSD name. $2: MAC address of the unauthorized client.
Severity level	5
Example	WIPS/5/WIPS_UNAUTH: -VSD=home-SrcMAC=1122-3344-5566; Unauthorized client detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).
Explanation	An unauthorized client was detected.
Recommended action	Determine whether unauthorized clients exist.

WIPS_WEAKIV

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Weak IV detected.
Variable fields	$1: VSD name. $2: Sender's MAC address.
Severity level	5
Example	WIPS/5/WIPS_WEAKIV: -VSD=home-SrcMAC=1122-3344-5566; Weak IV detected.
Explanation	A weak IV was detected.
Recommended action	Use a more secure encryption method to encrypt packets.

WIRELESSBRIDGE

Message text	-VSD=[STRING]-AP1=[MAC]-AP2=[MAC]]; Wireless bridge detected.
Variable fields	$1: VSD name. $2: MAC address of AP 1. $3: MAC address of AP 2.
Severity level	5
Example	WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected.
Explanation	The specified APs set up a wireless bridge.
Recommended action	Determine whether the wireless bridge is valid.

WLANAUD messages

This section contains WLANAUD messages.

WLANAUD_CLIENT_ONLINE

Message text	· UserIP=[STRING], UserMAC=[STRING], APMAC=[STRING]. · UserMAC=[STRING], UserIP=[STRING], APName=[ STRING], APMAC=[STRING], SSID=[ STRING], BSSID=[ STRING].
Variable fields	$1: IP address of the client. $2: MAC address of the client. $3: MAC address of the AP with which the client is associated. $4: Name of the AP with which the client is associated. $5: SSID with which the client is associated. $6: BSSID with which the client is associated.
Severity level	5
Example	· WLANAUD/5/WLAN_CLIENT_ONLINE: UserIP=192.168.0.1, UserMAC=0023-8933-2147, APMAC=31AC-11EA-17FF. · WLANAUD/5/WLAN_CLIENT_ONLINE: UserMAC=31ac-11ea-17ff, UserIP=192.168.0.1, APName=ap1, APMAC=000f-ea00-3350, SSID=zhongyan, BSSID=000f-ea00-3352.
Explanation	A client was associated with an AP.
Recommended action	No action is required.

WMESH messages

This section contains WLAN mesh messages.

MESH_ACTIVELINK_SWITCH

Message text	Switch an active link from [MAC] ([CHAR]) to [MAC] ([CHAR]): peer quantity = [UINT64], link quantity = [UINT16], switch reason = [UINT32].
Variable fields	$1: Mesh peer MAC address before active/standby link switchover. $2: RSSI on the link before active/standby link switchover. $3: Mesh peer MAC address after active/standby link switchover. $4: RSSI on the link after active/standby link switchover. $5: Mesh peer quantity after active/standby link switchover. $6: Mesh link quantity after active/standby link switchover. $7: Reason for link switchover: · 1—First mesh link establishment. · 2—Active switchover (MLSP link switchover optimization disabled). · 3—Active switchover (MLSP link switchover optimization enabled). · 4—Passive switchover or switchover after forced logoff.
Severity level	5
Example	WMESH/5/MESH_ACTIVELINK_SWITCH: Switch an active link from 50da-00d2-4b50 (55) to 50da-00d2-49e0 (74): peer quantity = 3, link quantity = 2, switch reason = 2.
Explanation	An active/standby mesh link switchover occurred.
Recommended action	No action is required.

MESH_LINKDOWN

Message text	Mesh link on interface [CHAR] is down: peer MAC = [MAC], RSSI = [CHAR], reason: [STRING] ([STRING]).
Variable fields	$1: Link interface number. $2: Mesh peer MAC address. $3: RSSI on the link. $4: Reason: · AP status change. · Radio status change. · Mesh configuration change—Mesh configuration, such as mesh profile or mesh policy, changed. · Mesh BSS deleted. · Excessive RSSI—The link RSSI has exceeded the link saturation RSSI. · Weak RSSI. · Packet check failure. · Link keepalive failure. · Active link keepalive failure. · Worst link replaced when MLSP link limit is reached. · Neighbor zerocfg status change—The state of a neighbor of the temporary link is changed from zero configuration to non-zero configuration. · Neighbor refresh. · Mesh link established during scan initialization or auto channel scan. · Unknown reason. $5: Link terminated by: · local. · peer.
Severity level	5
Example	WMESH/5/MESH_LINKDOWN: Mesh link on interface 50 is down: peer MAC = 50da-00d2-4b50, RSSI = 45, reason: AP status change (peer).
Explanation	A mesh link was terminated.
Recommended action	No action is required.

MESH_LINKUP

Message text	Mesh link on interface [CHAR] is up: peer MAC = [MAC], peer radio mode = [UINT32], RSSI = [CHAR].
Variable fields	$1: Link interface number. $2: Mesh peer MAC address. $3: Mesh peer radio mode: · 0—Any mode except for 802.11n and 802.11ac. · 1—802.11n. · 2—802.11ac. $4: RSSI on the link.
Severity level	5
Example	WMESH/5/MESH_LINKUP: Mesh link on interface 51 is up: peer MAC = 50da-00d2-4b50, peer radio mode = 0, RSSI = 74.
Explanation	A mesh link was established.
Recommended action	No action is required.

MESH_REVOPEN_MAC

Message text	Received a link open request from AP [MAC] in confirm received state.
Variable fields	$1: AP MAC address.
Severity level	5
Example	WMESH/5/MESH_REVOPEN_MAC: Received a link open request from AP 50da-00d2-4b50 in confirm received state.
Explanation	The MP received a Link Open request in confirm received state.
Recommended action	No action is required.

WRDC messages

This section contains WRDC messages.

WRDC_USER_DELETE

Message text	-UserMAC=[STRING]-UserIP=[IPADDR]. A user was deleted.
Variable fields	$1: Client MAC address. $2: Client IP address.
Severity level	6
Example	WRDC/6/WRDC_USER_DELETE: -UserMAC=0021-0011-0033-UserIP=192.168.1.2. A user was deleted.
Explanation	The WLAN roaming center deleted a client entry after the client went offline from all ACs.
Recommended action	No action is required.

WRDC_USER_OFFLINE

Message text	-UserMAC=[STRING]-UserIP=[IPADDR]-ACIP =[IPADDR]; A user went offline. Reason: [STRING].
Variable fields	$1: Client MAC address. $2: Client IP address. $3: IP address of the AC from which the client came online. $4: Reason: · User request—The client requested to go offline. · DHCP release—The DHCP release of the client's IP address has expired. · Other reason.
Severity level	6
Example	WRDC/6/WRDC_USER_OFFLINE: -UserMAC=0021-0011-0033-UserIP=192.168.1.2-ACIP=192.168.3.1; A user went offline. Reason: User request.
Explanation	A client went offline.
Recommended action	No action is required.

WRDC_USER_ONLINE

Message text	-UserMAC=[STRING]-UserIP=[IPADDR]-ACIP=[IPADDR]. A user came online.
Variable fields	$1: Client MAC address. $2: Client IP address. $3: IP address of the AC from which the client came online.
Severity level	6
Example	WRDC/6/WRDC_USER_ONLINE: -UserMAC=0021-0011-0033-UserIP=192.168.1.2-ACIP=192.168.3.1. A user came online.
Explanation	A client came online.
Recommended action	No action is required.

WRDC_USER_ROAM

Message text	-UserMAC=[STRING]-UserIP=[IPADDR]. A user roamed from AC [IPADDR] to AC [IPADDR].
Variable fields	$1: Client MAC address. $2: Client IP address. $3: IP address of the AC from which the client came online before roaming. $4: IP address of the AC from which the client came online after roaming.
Severity level	6
Example	WRDC/6/WRDC_USER_ROAM: -UserMAC=0021-0011-0033-UserIP=192.168.1.2. A user roamed from AC 192.168.3.1 to AC 192.168.3.2.
Explanation	A client performed an inter-AC roaming.
Recommended action	No action is required.

WSA messages

This section contains Wireless Spectrum Analysis (WSA) messages.

WSA_DEVICE

Message text	[APID: UINT32, RADIOID: UCHAR]; [STRING] detected.
Variable fields	$1: AP ID. $2: Radio ID. $3: Interference devices. Options include the following: ¡ Microwave ovens. ¡ Microwave oven inverters. ¡ Bluetooth devices. ¡ Other fixed frequency devices. ¡ Cordless phones using fixed frequency. ¡ Video devices using fixed frequency. ¡ Audio devices using fixed frequency. ¡ Other hopper frequency devices. ¡ Frequency-hopping cordless phone bases. ¡ Frequency-hopping cordless networks (2.4 GHz). ¡ Microsoft Xboxes. ¡ Other devices. ¡ Frequency-hopping cordless networks (5 GHz).
Severity level	5
Example	WSA/5/WSA_DEVICE: [APID: 1, RADIODID: 2]; Bluetooth devices detected.
Explanation	The radio interface of an AP detected an interference device.
Recommended action	Determine whether the device has suffered an attack.

Message text	Updated the antivirus signature library successfully.
Variable fields	N/A
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_WARNING: -Context=1; Updated the antivirus signature library successfully.
Explanation	This message is sent when the antivirus signature library is immediately or locally updated.
Recommended action	No action is required.

Message text	Rolled back the antivirus signature library successfully.
Variable fields	N/A
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_WARNING: -Context=1; Rolled back the antivirus signature library successfully.
Explanation	This message is sent when the antivirus signature library is rolled back to the previous version or the factory version.
Recommended action	No action is required.

Message text	Failed to update the antivirus signature library because no valid license was found for the antivirus feature.
Variable fields	N/A
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_WARNING: -Context=1; Failed to update the antivirus signature library because no valid license was found for the antivirus feature.
Explanation	This message is sent when one of the following antivirus signature library upgrade failure occurs: · Web-based or CLI-based immediate upgrade failed because no valid license is found. · Web-based local upgrade failed because no valid license is found.
Recommended action	No action is required.

Message text	Failed to establish phase 1 SA in [STRING] mode [STRING] state. Reason: [STRING]. SA information: · Role: [STRING] · Local IP: [STRING] · Local ID type: [STRING] · Local ID: [STRING] · Local port: [UINT32] · Retransmissions: [UINT32] · Remote IP: [STRING] · Remote ID type: [STRING] · Remote ID: [STRING] · Remote port: [UINT32] · Recived retransmissions: [UINT32] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING] · Connection ID: [UINT32] · Tunnel ID: [UINT32] · IKE profile name: [STRING]
Variable fields	$1: Negotiation mode: main or aggressive. $2: State of the negotiation state machine. $3: Failure reason: ¡ Failed to verify the peer signature. ¡ HASH payload is missing. ¡ Failed to verify the peer HASH. Local HASH is %s. Peer HASH is %s. ¡ Signature payload is missing. ¡ Failed to get subject name from certificate. ¡ Failed to get certificate. ¡ Failed to get local certificate. ¡ Failed to get private key. ¡ Failed to verify the peer certificate (%s). ¡ Failed to get ID data for constructing ID payload. ¡ Invalid ID payload length: %d. ¡ Invalid ID payload with protocol %u and port %u. ¡ Invalid ID type (%u). ¡ Unsupported attribute %u. ¡ Attribute %s is repeated. ¡ Unsupported DOI %s. ¡ Unsupported IPsec DOI situation (%u). ¡ KE payload is missing. ¡ Invalid KE payload length (%lu). ¡ Invalid nonce payload length (%lu). ¡ No available proposal. ¡ Failed to parse the Cert Request payload. ¡ The proposal payload must be the last payload in the SA payload, but it is found followed by the %s payload. ¡ Unexpected protocol ID (%u) found in proposal payload. ¡ No transform payload in proposal payload. ¡ Transform number is not monotonically increasing. ¡ Invalid transform ID (%s). ¡ No acceptable transform. ¡ Unexpected %s payload in proposal. ¡ Invalid SPI length (%d) in proposal payload. ¡ Only one transform is permitted in one proposal, but %u transforms are found. ¡ Failed to find matching proposal in profile %s. ¡ Failed to find proposal %u in profile %s. ¡ Failed to find keychain %s in profile %s. ¡ Retransmission timeout. ¡ Incorrect configuration. ¡ Failed to construct certificate request payload. ¡ An error notification is received. ¡ Failed to add tunnel. $4: Role, initiator or responder. $5-$9: Information about the local end. $10-$14: Information about the remote end. $15: Inside VPN instance. $16: Outside VPN instance. $17-$18: Initiator cookie and responder cookie. $19: Connection ID. $20: IKE tunnel ID. The default is 4294967295. $21: IKE profile name.
Severity level	6
Example	IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA in main mode IKE_P1_STATE_SEND1 state. Reason: Failed to get certificate. SA information: · Role: Initiator · Local IP: 4.4.4.4 · Local ID type: IPV4_ADDR · Local ID: 4.4.4.4 · Local port: 500 · Retransmissions: 0 · Remote IP: 4.4.4.5 · Remote ID type: IPV4_ADDR · Remote ID: 4.4.4.5 · Remote port: 500 · Recived retransmissions: 0 · Inside VPN instance: aaa · Outside VPN instance : bbb · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Connection ID: 1 · Tunnel ID: 1 · IKE profile name: abc
Explanation	IKE failed to establish a phase 1 SA. This message also displays the failure reason and information about the SA.
Recommended action	Verify the IKE configuration on the local and remote ends.

Message text	The IKE phase 1 SA was deleted. Reason: [STRING]. SA information: · Role: [STRING] · Local IP: [STRING] · Local ID type: [STRING] · Local ID: [STRING] · Local port: [UINT32] · Retransmissions: [UINT32] · Remote IP: [STRING] · Remote ID type: [STRING] · Remote ID: [STRING] · Remote port: [UINT32] · Recived retransmissions: [UINT32] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING] · Connection ID: [UINT32] · Tunnel ID: [UINT32] · IKE profile name: [STRING]
Variable fields	$1: Reason for the deletion: ¡ DPD timeout. ¡ New IKE SA had been negotiated, and the old one was deleted. ¡ The IKE SA was redundant. ¡ An IKE SA deletion message was received from peer. ¡ IKE keepalive timed out. ¡ The IKE SA expired. ¡ The reset ike sa connection-id command was executed. ¡ All IKE SAs were deleted. ¡ The IKE SA in the GDOI group was deleted. $2: Role, initiator or responder. $3-$7: Information about the local end. $8-$12: Information about the remote end. $13: Inside VPN instance. $14: Outside VPN instance. $15-$16: Initiator cookie and responder cookie. $17: Connection ID. $18: IKE tunnel ID. The default is 4294967295. $19: IKE profile name.
Severity level	6
Example	IKE/6/IKE_P1_SA_TERMINATE: The IKE phase 1 SA was deleted. Reason: DPD timeout. SA information: · Role: Responder · Local IP: 4.4.4.4 · Local ID type: IPV4_ADDR · Local ID: 4.4.4.4 · Local port: 500 · Retransmissions: 0 · Remote IP: 4.4.4.5 · Remote ID type: IPV4_ADDR · Remote ID: 4.4.4.5 · Remote port: 500 · Recived retransmissions: 0 · Inside VPN instance: aaa · Outside VPN instance: bbb · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Connection ID: 1 · Tunnel ID: 1 · IKE profile name: abc
Explanation	The IKE SA established in phase 1 was deleted. This message also displays the deletion reason and information about the SA.
Recommended action	No action is required.

Message text	Failed to establish phase 2 SA in [STRING] state. Reason: [STRING]. SA information: · Role: [STRING]. · Local address: [STRING]. · Remote address: [STRING]. · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: Protocol:[STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING]. · Outside VPN instance: [STRING]. · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING]. · Message ID: [STRING]. · Connection ID: [UINT32]. · Tunnel ID: [UINT32].
Variable fields	$1: State of the negotiation state machine. $2: Failure reason: ¡ Failed to construct ID payload. ¡ Failed to calculate %s. ¡ Failed to validate %s. ¡ Failed to compute key material. ¡ Incorrect configuration. ¡ Failed to switch IPsec SA. ¡ The nonce payload doesn't exist. ¡ Invalid nonce payload length (%lu). ¡ No valid DH group description in SA payload. ¡ The KE payload doesn't exist. ¡ Too many KE payloads. ¡ The length of the KE payload doesn't match the DH group description. ¡ Failed to send message to IPsec when getting SP. ¡ Failed to send message to IPsec when getting SPI. ¡ Failed to add phase 2 SA. ¡ Retransmission of phase 2 packet timed out. ¡ Collision detected in phase 2 negotiation. ¡ No matching proposal found between the local and remote ends. ¡ Transform number is not monotonically increasing. ¡ Proposal payload has more transforms than specified in the proposal payload. ¡ Proposal payload has less transforms than specified in the proposal payload. ¡ Attribute %d is repeated in IPsec transform %d. ¡ SA_LIFE_TYPE attribute is repeated in packet. ¡ The SA_LIFE_TYPE attribute must be in front of the SA_LIFE_DURATION attribute. ¡ Unsupported IPsec attribute %s. ¡ The encapsulation mode must be specified in the IPsec transform set. ¡ Invalid SPI length (%u) in IPsec proposal. ¡ Invalid SPI (%u) in IPsec proposal. ¡ The Transform ID (%d) in transform %d doesn't match authentication algorithm %s (%u). ¡ Failed to get SPI from proposal. ¡ No transform in IPsec proposal. ¡ A proposal payload contains more than one AH proposal. ¡ Invalid next payload (%u) in proposal. ¡ No ESP or AH proposal. ¡ Unsupported DOI. ¡ Unsupported IPsec DOI situation (%u). ¡ Invalid IPsec proposal %u. ¡ Failed to get IPsec policy when renegotiating IPsec SA. ¡ Failed to get IPsec policy as phase 2 responder. $3: Role, initiator or responder. $4: Local IP address. $5: Remote IP address. $6-$11: Data flow-related parameters. $12: Inside VPN instance. $13: Outside VPN instance. $14: Inbound AH SPI. $15: Outbound AH SPI. $16: Inbound ESP SPI. $17: Outboundd ESP SPI. $18-$19: Initiator cookie and responder cookie. $20: Message ID. $21: Connection ID. $22: IKE tunnel ID. The default is 4294967295.
Severity level	6
Example	IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA in IKE_P2_STATE_GETSPI state. Reason: Failed to get SPI from proposal. SA information: · Role: Responder · Local address: 2.2.2.2 · Remote address: 1.1.1.1 · Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP · Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP · Inside VPN instance: aaa · Outside VPN instance: bbb · Inbound AH SPI: 192365458 · Outbound AH SPI: 13654581 · Inbound ESP SPI: 292334583 · Outbound ESP SPI: 5923654586 · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Message ID: 0xa2b11c8e · Connection ID: 1 · Tunnel ID: 1
Explanation	IKE failed to establish a phase 2 SA. This message also displays the failure reason and information about the SA.
Recommended action	Verify the IKE and IPsec configurations on the local and remote ends.

Example	The IKE phase 2 SA was deleted. Reason: [STRING]. SA information: · Role: [STRING] · Local address: [STRING] · Remote address: [STRING] · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING] · Message ID: [STRING] · Connection ID: [UINT32] · Tunnel ID: [UINT32]
Variable fields	$1: Reason for the deletion: ¡ The SA expired. ¡ An IPsec SA deletion message was received from peer. ¡ New P2 SA had been negotiated, and the old one was deleted. ¡ All P2 SAs were deleted. ¡ The P2 SA was deleted by SPID. ¡ The P2 SA was deleted by IFIndex. ¡ The P2 SA was deleted by SA index. $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow-related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outboundd ESP SPI. $17-$18: Initiator cookie and responder cookie. $19: Message ID. $20: Connection ID. $21: IKE tunnel ID. The default is 4294967295.
Severity level	6
Example	IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted. Reason: An IPsec SA deletion message was received. SA information: · Role: Responder · Local address: 2.2.2.2 · Remote address: 1.1.1.1 · Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP · Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP · Inside VPN instance: aaa · Outside VPN instance: bbb · Inbound AH SPI: 192365458 · Outbound AH SPI: 13654581 · Inbound ESP SPI: 292334583 · Outbound ESP SPI: 5923654586 · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Message ID: 0xa2b11c8e · Connection ID: 1 · Tunnel ID: 1
Explanation	An IKE phase 2 SA was deleted. This message also displays the deletion reason and information about the SA.
Recommended action	No action is required.

Example	Failed to pass extended authentication in [STRING] mode [STRING] state. Reason: [STRING]. SA information: · Role: [STRING]. · Local IP: [STRING]. · Local ID type: [STRING]. · Local ID: [STRING]. · Local port: [UINT32]. · Retransmissions: [UINT32] · Remote IP: [STRING]. · Remote ID type: [STRING]. · Remote ID: [STRING]. · Remote port: [UINT32]. · Recived retransmissions: [UINT32] · Inside VPN instance: [STRING]. · Outside VPN instance: [STRING]. · Initiator Cookie: [STRING] · Responder Cookie: [STRING]. · Message ID: [STRING]. · Connection ID: [UINT32]
Variable fields	$1: Negotiation mode: main or aggressive. $2: State of the negotiation state machine. $3: Failure reason: ¡ Failed to verify the HASH payload. ¡ Failed to parse the attribute payload. $4: Role, initiator or responder. $5-$9: Information about the local end. $10-$14: Information about the remote end. $15: Inside VPN instance. $16: Outside VPN instance. $17-$18: Initiator cookie and responder cookie. $19: Message ID. $20: Connection ID.
Severity level	6
Example	IKE/6/IKE_XAUTU_FAILE: Failed to pass extended authentication, in main mode IKE_XAUTH_STATE_SET state. Reason: Failed to parse the attribute payload. SA information: · Role: Initiator · Local IP: 4.4.4.4 · Local ID type: IPV4_ADDR · Local ID: 4.4.4.4 · Local port: 500 · Retransmissions: 0 · Remote IP: 4.4.4.5 · Remote ID type: IPV4_ADDR · Remote ID: 4.4.4.5 · Remote port: 500 · Recived retransmissions: 0 · Inside VPN instance: aaa · Outside VPN instance: bbb · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Message ID: 0xa2b11c8e · Connection ID: 1
Explanation	Extended authentication failed. This message also displays the failure reason and information about the SA.
Recommended action	No action is required.