H3C S12500X-AF System Log Messages Reference(R320x)-6W101

HomeSupportResource CenterSwitchesH3C S12500X-AF Switch SeriesH3C S12500X-AF Series SwitchesTechnical DocumentsReference GuidesLog Message ReferencesH3C S12500X-AF System Log Messages Reference(R320x)-6W101
Table of Contents
Related Documents

 

H3C S12500X-AF Switch Series

System Log Messages Reference

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Document version: 6W101-20210208

 

Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.


Contents

Introduction· 1

System log message format 1

Managing and obtaining system log messages· 3

Obtaining log messages from the console terminal 3

Obtaining log messages from a monitor terminal 3

Obtaining log messages from the log buffer 3

Obtaining log messages from the log file· 4

Obtaining log messages from a log host 4

Software module list 4

Using this document 8

AAA messages· 9

AAA_FAILURE· 9

AAA_LAUNCH· 9

AAA_SUCCESS· 10

ACL messages· 10

ACL_ACCELERATE_NO_RES· 10

ACL_ACCELERATE_NONCONTIGUOUSMASK· 11

ACL_ACCELERATE_NOT_SUPPORT· 11

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP· 11

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG·· 12

ACL_ACCELERATE_UNK_ERR· 12

ACL_IPV6_STATIS_INFO·· 12

ACL_NO_MEM·· 13

ACL_STATIS_INFO·· 13

ANCP messages· 13

ANCP_INVALID_PACKET· 14

ARP messages· 14

ARP_ACTIVE_ACK_NO_REPLY· 14

ARP_ACTIVE_ACK_NOREQUESTED_REPLY· 15

ARP_BINDRULETOHW_FAILED·· 15

ARP_DETECTION_LOG·· 16

ARP_DUPLICATE_IPADDR_DETECT· 16

ARP_DYNAMIC· 17

ARP_DYNAMIC_IF· 17

ARP_DYNAMIC_SLOT· 18

ARP_ENTRY_CONFLICT· 19

ARP_HOST_IP_CONFLICT· 19

ARP_LOCALPROXY_ENABLE_FAILED·· 20

ARP_RATE_EXCEEDED·· 20

ARP_RATELIMIT_NOTSUPPORT· 21

ARP_SENDER_IP_INVALID·· 21

ARP_SENDER_MAC_INVALID·· 22

ARP_SENDER_SMACCONFLICT· 22

ARP_SENDER_SMACCONFLICT_VSI 23

ARP_SRC_MAC_FOUND_ATTACK· 23

ARP_SUP_ENABLE_FAILED·· 24

ARP_TARGET_IP_INVALID·· 24

ARP_THRESHOLD_REACHED·· 24

ARP_USER_DUPLICATE_IPADDR_DETECT· 25

ARP_USER_MOVE_DETECT· 26

DUPIFIP· 26

DUPIP· 27

DUPVRRPIP· 27

ATK messages· 27

ATK_ICMP_ADDRMASK_REQ·· 28

ATK_ICMP_ADDRMASK_REQ_RAW·· 29

ATK_ICMP_ADDRMASK_REQ_RAW_SZ· 30

ATK_ICMP_ADDRMASK_REQ_SZ· 31

ATK_ICMP_ADDRMASK_RPL· 32

ATK_ICMP_ADDRMASK_RPL_RAW·· 33

ATK_ICMP_ADDRMASK_RPL_RAW_SZ· 34

ATK_ICMP_ADDRMASK_RPL_SZ· 35

ATK_ICMP_ECHO_REQ·· 36

ATK_ICMP_ECHO_REQ_RAW·· 37

ATK_ICMP_ECHO_REQ_RAW_SZ· 38

ATK_ICMP_ECHO_REQ_SZ· 39

ATK_ICMP_ECHO_RPL· 40

ATK_ICMP_ECHO_RPL_RAW·· 41

ATK_ICMP_ECHO_RPL_RAW_SZ· 42

ATK_ICMP_ECHO_RPL_SZ· 43

ATK_ICMP_FLOOD·· 44

ATK_ICMP_FLOOD_SZ· 44

ATK_ICMP_INFO_REQ·· 45

ATK_ICMP_INFO_REQ_RAW·· 46

ATK_ICMP_INFO_REQ_RAW_SZ· 47

ATK_ICMP_INFO_REQ_SZ· 48

ATK_ICMP_INFO_RPL· 49

ATK_ICMP_INFO_RPL_RAW·· 50

ATK_ICMP_INFO_RPL_RAW_SZ· 51

ATK_ICMP_INFO_RPL_SZ· 52

ATK_ICMP_LARGE· 53

ATK_ICMP_LARGE_RAW·· 54

ATK_ICMP_LARGE_RAW_SZ· 54

ATK_ICMP_LARGE_SZ· 55

ATK_ICMP_PARAPROBLEM·· 56

ATK_ICMP_PARAPROBLEM_RAW·· 57

ATK_ICMP_PARAPROBLEM_RAW_SZ· 58

ATK_ICMP_PARAPROBLEM_SZ· 59

ATK_ICMP_PINGOFDEATH· 60

ATK_ICMP_PINGOFDEATH_RAW·· 61

ATK_ICMP_PINGOFDEATH_RAW_SZ· 61

ATK_ICMP_PINGOFDEATH_SZ· 62

ATK_ICMP_REDIRECT· 63

ATK_ICMP_REDIRECT_RAW·· 64

ATK_ICMP_REDIRECT_RAW_SZ· 65

ATK_ICMP_REDIRECT_SZ· 66

ATK_ICMP_SMURF· 67

ATK_ICMP_SMURF_RAW·· 68

ATK_ICMP_SMURF_RAW_SZ· 69

ATK_ICMP_SMURF_SZ· 70

ATK_ICMP_SOURCEQUENCH· 71

ATK_ICMP_SOURCEQUENCH_RAW·· 72

ATK_ICMP_SOURCEQUENCH_RAW_SZ· 73

ATK_ICMP_SOURCEQUENCH_SZ· 74

ATK_ICMP_TIMEEXCEED·· 75

ATK_ICMP_TIMEEXCEED_RAW·· 76

ATK_ICMP_TIMEEXCEED_RAW_SZ· 77

ATK_ICMP_TIMEEXCEED_SZ· 78

ATK_ICMP_TRACEROUTE· 79

ATK_ICMP_TRACEROUTE_RAW·· 80

ATK_ICMP_TRACEROUTE_RAW_SZ· 80

ATK_ICMP_TRACEROUTE_SZ· 81

ATK_ICMP_TSTAMP_REQ·· 82

ATK_ICMP_TSTAMP_REQ_RAW·· 83

ATK_ICMP_TSTAMP_REQ_RAW_SZ· 84

ATK_ICMP_TSTAMP_REQ_SZ· 85

ATK_ICMP_TSTAMP_RPL· 86

ATK_ICMP_TSTAMP_RPL_RAW·· 87

ATK_ICMP_TSTAMP_RPL_RAW_SZ· 88

ATK_ICMP_TSTAMP_RPL_SZ· 89

ATK_ICMP_TYPE· 90

ATK_ICMP_TYPE_RAW·· 91

ATK_ICMP_TYPE_RAW_SZ· 92

ATK_ICMP_TYPE_SZ· 93

ATK_ICMP_UNREACHABLE· 94

ATK_ICMP_UNREACHABLE_RAW·· 95

ATK_ICMP_UNREACHABLE_RAW_SZ· 96

ATK_ICMP_UNREACHABLE_SZ· 97

ATK_ICMPV6_DEST_UNREACH· 98

ATK_ICMPV6_DEST_UNREACH_RAW·· 99

ATK_ICMPV6_DEST_UNREACH_RAW_SZ· 99

ATK_ICMPV6_DEST_UNREACH_SZ· 100

ATK_ICMPV6_ECHO_REQ·· 101

ATK_ICMPV6_ECHO_REQ_RAW·· 102

ATK_ICMPV6_ECHO_REQ_RAW_SZ· 102

ATK_ICMPV6_ECHO_REQ_SZ· 103

ATK_ICMPV6_ECHO_RPL· 104

ATK_ICMPV6_ECHO_RPL_RAW·· 105

ATK_ICMPV6_ECHO_RPL_RAW_SZ· 105

ATK_ICMPV6_ECHO_RPL_SZ· 106

ATK_ICMPV6_FLOOD·· 107

ATK_ICMPV6_FLOOD_SZ· 107

ATK_ICMPV6_GROUPQUERY· 108

ATK_ICMPV6_GROUPQUERY_RAW·· 109

ATK_ICMPV6_GROUPQUERY_RAW_SZ· 109

ATK_ICMPV6_GROUPQUERY_SZ· 110

ATK_ICMPV6_GROUPREDUCTION· 111

ATK_ICMPV6_GROUPREDUCTION_RAW·· 112

ATK_ICMPV6_GROUPREDUCTION_RAW_SZ· 112

ATK_ICMPV6_GROUPREDUCTION_SZ· 113

ATK_ICMPV6_GROUPREPORT· 114

ATK_ICMPV6_GROUPREPORT_RAW·· 115

ATK_ICMPV6_GROUPREPORT_RAW_SZ· 115

ATK_ICMPV6_GROUPREPORT_SZ· 116

ATK_ICMPV6_LARGE· 117

ATK_ICMPV6_LARGE_RAW·· 117

ATK_ICMPV6_LARGE_RAW_SZ· 118

ATK_ICMPV6_LARGE_SZ· 118

ATK_ICMPV6_PACKETTOOBIG·· 119

ATK_ICMPV6_PACKETTOOBIG_RAW·· 120

ATK_ICMPV6_PACKETTOOBIG_RAW_SZ· 120

ATK_ICMPV6_PACKETTOOBIG_SZ· 121

ATK_ICMPV6_PARAPROBLEM·· 122

ATK_ICMPV6_PARAPROBLEM_RAW·· 123

ATK_ICMPV6_PARAPROBLEM_RAW_SZ· 123

ATK_ICMPV6_PARAPROBLEM_SZ· 124

ATK_ICMPV6_TIMEEXCEED·· 125

ATK_ICMPV6_TIMEEXCEED_RAW·· 126

ATK_ICMPV6_TIMEEXCEED_RAW_SZ· 126

ATK_ICMPV6_TIMEEXCEED_SZ· 127

ATK_ICMPV6_TRACEROUTE· 128

ATK_ICMPV6_TRACEROUTE_RAW·· 129

ATK_ICMPV6_TRACEROUTE_RAW_SZ· 130

ATK_ICMPV6_TRACEROUTE_SZ· 131

ATK_ICMPV6_TYPE· 132

ATK_ICMPV6_TYPE _RAW_SZ· 133

ATK_ICMPV6_TYPE_RAW·· 133

ATK_ICMPV6_TYPE_SZ· 134

ATK_IP_OPTION· 135

ATK_IP_OPTION_RAW·· 136

ATK_IP_OPTION_RAW_SZ· 137

ATK_IP_OPTION_SZ· 138

ATK_IP4_ACK_FLOOD·· 139

ATK_IP4_ACK_FLOOD_SZ· 139

ATK_IP4_DIS_PORTSCAN· 140

ATK_IP4_DIS_PORTSCAN_SZ· 140

ATK_IP4_DNS_FLOOD·· 141

ATK_IP4_DNS_FLOOD_SZ· 141

ATK_IP4_FIN_FLOOD·· 142

ATK_IP4_FIN_FLOOD_SZ· 142

ATK_IP4_FRAGMENT· 143

ATK_IP4_FRAGMENT_RAW·· 144

ATK_IP4_FRAGMENT_RAW_SZ· 145

ATK_IP4_FRAGMENT_SZ· 146

ATK_IP4_HTTP_FLOOD·· 147

ATK_IP4_HTTP_FLOOD_SZ· 147

ATK_IP4_IMPOSSIBLE· 148

ATK_IP4_IMPOSSIBLE_RAW·· 149

ATK_IP4_IMPOSSIBLE_RAW_SZ· 150

ATK_IP4_IMPOSSIBLE_SZ· 151

ATK_IP4_IPSWEEP· 152

ATK_IP4_IPSWEEP_SZ· 152

ATK_IP4_PORTSCAN· 153

ATK_IP4_PORTSCAN_SZ· 153

ATK_IP4_RST_FLOOD·· 154

ATK_IP4_RST_FLOOD_SZ· 154

ATK_IP4_SYN_FLOOD·· 155

ATK_IP4_SYN_FLOOD_SZ· 155

ATK_IP4_SYNACK_FLOOD·· 156

ATK_IP4_SYNACK_FLOOD_SZ· 156

ATK_IP4_TCP_ALLFLAGS· 157

ATK_IP4_TCP_ALLFLAGS_RAW·· 158

ATK_IP4_TCP_ALLFLAGS_RAW_SZ· 158

ATK_IP4_TCP_ALLFLAGS_SZ· 159

ATK_IP4_TCP_FINONLY· 160

ATK_IP4_TCP_FINONLY_RAW·· 161

ATK_IP4_TCP_FINONLY_RAW_SZ· 161

ATK_IP4_TCP_FINONLY_SZ· 162

ATK_IP4_TCP_INVALIDFLAGS· 163

ATK_IP4_TCP_INVALIDFLAGS_RAW·· 164

ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ· 165

ATK_IP4_TCP_INVALIDFLAGS_SZ· 166

ATK_IP4_TCP_LAND·· 167

ATK_IP4_TCP_LAND_RAW·· 168

ATK_IP4_TCP_LAND_RAW_SZ· 168

ATK_IP4_TCP_LAND_SZ· 169

ATK_IP4_TCP_NULLFLAG·· 170

ATK_IP4_TCP_NULLFLAG_RAW·· 171

ATK_IP4_TCP_NULLFLAG_RAW_SZ· 171

ATK_IP4_TCP_NULLFLAG_SZ· 172

ATK_IP4_TCP_SYNFIN· 173

ATK_IP4_TCP_SYNFIN_RAW·· 174

ATK_IP4_TCP_SYNFIN_RAW_SZ· 174

ATK_IP4_TCP_SYNFIN_SZ· 175

ATK_IP4_TCP_WINNUKE· 176

ATK_IP4_TCP_WINNUKE_RAW·· 177

ATK_IP4_TCP_WINNUKE_RAW_SZ· 177

ATK_IP4_TCP_WINNUKE_SZ· 178

ATK_IP4_TEARDROP· 179

ATK_IP4_TEARDROP_RAW·· 180

ATK_IP4_TEARDROP_RAW_SZ· 181

ATK_IP4_TEARDROP_SZ· 182

ATK_IP4_TINY_FRAGMENT· 183

ATK_IP4_TINY_FRAGMENT_RAW·· 184

ATK_IP4_TINY_FRAGMENT_RAW_SZ· 185

ATK_IP4_TINY_FRAGMENT_SZ· 186

ATK_IP4_UDP_BOMB· 187

ATK_IP4_UDP_BOMB_RAW·· 188

ATK_IP4_UDP_BOMB_RAW_SZ· 189

ATK_IP4_UDP_BOMB_SZ· 190

ATK_IP4_UDP_FLOOD·· 191

ATK_IP4_UDP_FLOOD_SZ· 191

ATK_IP4_UDP_FRAGGLE· 192

ATK_IP4_UDP_FRAGGLE_RAW·· 193

ATK_IP4_UDP_FRAGGLE_RAW_SZ· 193

ATK_IP4_UDP_FRAGGLE_SZ· 194

ATK_IP4_UDP_SNORK· 195

ATK_IP4_UDP_SNORK_RAW·· 196

ATK_IP4_UDP_SNORK_RAW_SZ· 196

ATK_IP4_UDP_SNORK_SZ· 197

ATK_IP6_ACK_FLOOD·· 198

ATK_IP6_ACK_FLOOD_SZ· 198

ATK_IP6_DIS_PORTSCAN· 199

ATK_IP6_DIS_PORTSCAN_SZ· 199

ATK_IP6_DNS_FLOOD·· 200

ATK_IP6_DNS_FLOOD_SZ· 200

ATK_IP6_FIN_FLOOD·· 201

ATK_IP6_FIN_FLOOD_SZ· 201

ATK_IP6_FRAGMENT· 202

ATK_IP6_FRAGMENT_RAW·· 203

ATK_IP6_FRAGMENT_RAW_SZ· 203

ATK_IP6_FRAGMENT_SZ· 204

ATK_IP6_HTTP_FLOOD·· 205

ATK_IP6_HTTP_FLOOD_SZ· 205

ATK_IP6_IMPOSSIBLE· 206

ATK_IP6_IMPOSSIBLE_RAW·· 207

ATK_IP6_IMPOSSIBLE_RAW_SZ· 207

ATK_IP6_IMPOSSIBLE_SZ· 208

ATK_IP6_IPSWEEP· 208

ATK_IP6_IPSWEEP_SZ· 209

ATK_IP6_PORTSCAN· 209

ATK_IP6_PORTSCAN_SZ· 210

ATK_IP6_RST_FLOOD·· 210

ATK_IP6_RST_FLOOD_SZ· 211

ATK_IP6_SYN_FLOOD·· 211

ATK_IP6_SYN_FLOOD_SZ· 212

ATK_IP6_SYNACK_FLOOD·· 212

ATK_IP6_SYNACK_FLOOD_SZ· 213

ATK_IP6_TCP_ALLFLAGS· 213

ATK_IP6_TCP_ALLFLAGS_RAW·· 214

ATK_IP6_TCP_ALLFLAGS_RAW_SZ· 214

ATK_IP6_TCP_ALLFLAGS_SZ· 215

ATK_IP6_TCP_FINONLY· 216

ATK_IP6_TCP_FINONLY_RAW·· 216

ATK_IP6_TCP_FINONLY_RAW_SZ· 217

ATK_IP6_TCP_FINONLY_SZ· 217

ATK_IP6_TCP_INVALIDFLAGS· 218

ATK_IP6_TCP_INVALIDFLAGS_RAW·· 219

ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ· 220

ATK_IP6_TCP_INVALIDFLAGS_SZ· 221

ATK_IP6_TCP_LAND·· 222

ATK_IP6_TCP_LAND_RAW·· 222

ATK_IP6_TCP_LAND_RAW_SZ· 223

ATK_IP6_TCP_LAND_SZ· 223

ATK_IP6_TCP_NULLFLAG·· 224

ATK_IP6_TCP_NULLFLAG_RAW·· 224

ATK_IP6_TCP_NULLFLAG_RAW_SZ· 225

ATK_IP6_TCP_NULLFLAG_SZ· 225

ATK_IP6_TCP_SYNFIN· 226

ATK_IP6_TCP_SYNFIN_RAW·· 226

ATK_IP6_TCP_SYNFIN_RAW_SZ· 227

ATK_IP6_TCP_SYNFIN_SZ· 227

ATK_IP6_TCP_WINNUKE· 228

ATK_IP6_TCP_WINNUKE_RAW·· 228

ATK_IP6_TCP_WINNUKE_RAW_SZ· 229

ATK_IP6_TCP_WINNUKE_SZ· 229

ATK_IP6_UDP_FLOOD·· 230

ATK_IP6_UDP_FLOOD_SZ· 230

ATK_IP6_UDP_FRAGGLE· 231

ATK_IP6_UDP_FRAGGLE_RAW·· 231

ATK_IP6_UDP_FRAGGLE_RAW_SZ· 232

ATK_IP6_UDP_FRAGGLE_SZ· 232

ATK_IP6_UDP_SNORK· 233

ATK_IP6_UDP_SNORK_RAW·· 233

ATK_IP6_UDP_SNORK_RAW_SZ· 234

ATK_IP6_UDP_SNORK_SZ· 234

ATK_IPOPT_ABNORMAL· 235

ATK_IPOPT_ABNORMAL_RAW·· 236

ATK_IPOPT_ABNORMAL_RAW_SZ· 237

ATK_IPOPT_ABNORMAL_SZ· 238

ATK_IPOPT_LOOSESRCROUTE· 239

ATK_IPOPT_LOOSESRCROUTE_RAW·· 240

ATK_IPOPT_LOOSESRCROUTE_RAW_SZ· 241

ATK_IPOPT_LOOSESRCROUTE_SZ· 242

ATK_IPOPT_RECORDROUTE· 243

ATK_IPOPT_RECORDROUTE_RAW·· 244

ATK_IPOPT_RECORDROUTE_RAW_SZ· 245

ATK_IPOPT_RECORDROUTE_SZ· 246

ATK_IPOPT_ROUTEALERT· 247

ATK_IPOPT_ROUTEALERT_RAW·· 248

ATK_IPOPT_ROUTEALERT_RAW_SZ· 249

ATK_IPOPT_ROUTEALERT_SZ· 250

ATK_IPOPT_SECURITY· 251

ATK_IPOPT_SECURITY_RAW·· 252

ATK_IPOPT_SECURITY_RAW_SZ· 253

ATK_IPOPT_SECURITY_SZ· 254

ATK_IPOPT_STREAMID·· 255

ATK_IPOPT_STREAMID_RAW·· 256

ATK_IPOPT_STREAMID_RAW_SZ· 257

ATK_IPOPT_STREAMID_SZ· 258

ATK_IPOPT_STRICTSRCROUTE· 259

ATK_IPOPT_STRICTSRCROUTE_RAW·· 260

ATK_IPOPT_STRICTSRCROUTE_RAW_SZ· 261

ATK_IPOPT_STRICTSRCROUTE_SZ· 262

ATK_IPOPT_TIMESTAMP· 263

ATK_IPOPT_TIMESTAMP_RAW·· 264

ATK_IPOPT_TIMESTAMP_RAW_SZ· 265

ATK_IPOPT_TIMESTAMP_SZ· 266

ATK_IPV6_EXT_HEADER· 267

ATK_IPV6_EXT_HEADER_RAW·· 268

ATK_IPV6_EXT_HEADER_RAW_SZ· 268

ATK_IPV6_EXT_HEADER_SZ· 269

BFD messages· 269

BFD_CHANGE_FSM·· 270

BFD_REACHED_UPPER_LIMIT· 270

BGP messages· 270

BGP_EXCEED_ROUTE_LIMIT· 271

BGP_REACHED_THRESHOLD·· 271

BGP_LOG_ROUTE_FLAP· 272

BGP_MEM_ALERT· 272

BGP_PEER_LICENSE_REACHED·· 272

BGP_ROUTE_LICENSE_REACHED·· 273

BGP_STATE_CHANGED·· 273

BLS messages· 273

BLS_ENTRY_ADD·· 274

BLS_ENTRY_DEL· 274

BLS_IPV6_ENTRY_ADD·· 275

BLS_IPV6_ENTRY_DEL· 275

CFD messages· 275

CFD_CROSS_CCM·· 276

CFD_ERROR_CCM·· 276

CFD_LOST_CCM·· 277

CFD_RECEIVE_CCM·· 277

CFGMAN messages· 278

CFGMAN_ARCHIVE_SCP_FAIL· 278

CFGMAN_CFGCHANGED·· 278

CFGMAN_EXIT_FROM_CONFIGURE· 279

CFGMAN_OPTCOMPLETION· 279

CONNLMT messages· 280

CONNLMT_IPV4_OVERLOAD·· 281

CONNLMT_IPV4_RECOVER· 282

CONNLMT_IPV6_OVERLOAD·· 283

CONNLMT_IPV6_RECOVER· 284

DEV messages· 284

BOARD_INSERTED·· 285

BOARD_REBOOT· 285

BOARD_REMOVED·· 285

BOARD_STATE_FAULT· 286

BOARD_STATE_NORMAL· 286

BOARD_STATE_STARTING·· 286

CFCARD_INSERTED·· 287

CFCARD_REMOVED·· 287

CHASSIS_REBOOT· 287

DEV_CLOCK_CHANGE· 288

DEV_FAULT_TOOLONG·· 288

DYINGGASP· 288

FAN_ABSENT· 289

FAN_DIRECTION_NOT_PREFERRED·· 289

FAN_FAILED·· 290

FAN_RECOVERED·· 290

MAD_DETECT· 291

POWER_ABSENT· 291

POWER_FAILED·· 292

POWER_MONITOR_ABSENT· 292

POWER_MONITOR_FAILED·· 293

POWER_MONITOR_RECOVERED·· 293

POWER_RECOVERED·· 294

RPS_ABSENT· 294

RPS_FAILED·· 295

RPS_NORMAL· 295

SUBCARD_FAULT· 296

SUBCARD_INSERTED·· 296

SUBCARD_REBOOT· 296

SUBCARD_REMOVED·· 297

SYSTEM_REBOOT· 297

TEMPERATURE_ALARM·· 298

TEMPERATURE_LOW·· 299

TEMPERATURE_NORMAL· 300

TEMPERATURE_SHUTDOWN· 301

TEMPERATURE_WARNING·· 302

VCHK_VERSION_INCOMPATIBLE· 302

DHCP·· 303

DHCP_NOTSUPPORTED·· 303

DHCP_NORESOURCES· 303

DHCPR·· 303

DHCPR_SERVERCHANGE· 304

DHCPR_SWITCHMASTER· 304

DHCPS messages· 304

DHCPS_ALLOCATE_IP· 305

DHCPS_CONFLICT_IP· 305

DHCPS_EXTEND_IP· 306

DHCPS_FILE· 306

DHCPS_RECLAIM_IP· 307

DHCPS_VERIFY_CLASS· 307

DHCPS6 messages· 307

DHCPS6_ALLOCATE_ADDRESS· 308

DHCPS6_ALLOCATE_PREFIX· 308

DHCPS6_CONFLICT_ADDRESS· 309

DHCPS6_EXTEND_ADDRESS· 309

DHCPS6_EXTEND_PREFIX· 310

DHCPS6_FILE· 310

DHCPS6_RECLAIM_ADDRESS· 311

DHCPS6_RECLAIM_PREFIX· 311

DHCPSP4· 311

DHCPSP4_FILE· 312

DHCPSP6· 312

DHCPSP6_FILE· 312

DIAG messages· 312

CPU_MINOR_RECOVERY· 313

CPU_MINOR_THRESHOLD·· 313

CPU_SEVERE_RECOVERY· 313

CPU_SEVERE_THRESHOLD·· 314

MEM_ALERT· 315

MEM_BELOW_THRESHOLD·· 316

MEM_EXCEED_THRESHOLD·· 317

DLDP messages· 317

DLDP_AUTHENTICATION_FAILED·· 317

DLDP_LINK_BIDIRECTIONAL· 318

DLDP_LINK_SHUTMODECHG·· 318

DLDP_LINK_UNIDIRECTIONAL· 319

DLDP_NEIGHBOR_AGED·· 319

DLDP_NEIGHBOR_CONFIRMED·· 320

DLDP_NEIGHBOR_DELETED·· 320

DOT1X messages· 320

DOT1X_CONFIG_NOTSUPPORT· 321

DOT1X_LOGIN_FAILURE· 321

DOT1X_LOGIN_SUCC· 322

DOT1X_LOGIN_SUCC (in open mode) 322

DOT1X_LOGOFF· 323

DOT1X_LOGOFF (in open mode) 323

DOT1X_LOGOFF_ABNORMAL· 324

DOT1X_LOGOFF_ABNORMAL (in open mode) 324

DOT1X_MACBINDING_EXIST· 325

DOT1X_NOTENOUGH_EADFREEIP_RES· 325

DOT1X_NOTENOUGH_EADFREERULE_RES· 326

DOT1X_NOTENOUGH_EADMACREDIR_RES· 326

DOT1X_NOTENOUGH_EADPORTREDIR_RES· 326

DOT1X_NOTENOUGH_ENABLEDOT1X_RES· 327

DOT1X_PEXAGG_NOMEMBER_RES· 327

DOT1X_SMARTON_FAILURE· 327

DOT1X_UNICAST_NOT_EFFECTIVE· 328

DRNI 328

DRNI_AUTO-RECOVERY_TIMEOUT· 328

DRNI_GLBCHECK_CONSISTENCY· 328

DRNI_GLBCHECK_INCONSISTENCY· 329

DRNI_IFCHECK_CONSISTENCY· 329

DRNI_IFCHECK_INCONSISTENCY· 329

DRNI_IFEVENT_DR_BIND·· 330

DRNI_IFEVENT_DR_GLOBALDOWN· 330

DRNI_IFEVENT_DR_GLOBALUP· 330

DRNI_IFEVENT_DR_NOSELECTED·· 331

DRNI_IFEVENT_DR_PEER_NOSELECTED·· 331

DRNI_IFEVENT_DR_PEER_SELECTED·· 331

DRNI_IFEVENT_DR_SELECTED·· 332

DRNI_IFEVENT_DR_UNBIND·· 332

DRNI_IFEVENT_IPP_BIND·· 332

DRNI_IFEVENT_IPP_DOWN· 333

DRNI_IFEVENT_IPP_UNBIND·· 333

DRNI_IFEVENT_IPP_UP· 333

DRNI_IPP_BLOCK· 334

DRNI_IPP_UNBLOCK· 334

DRNI_KEEPALIVEINTERVAL_MISMATCH· 334

DRNI_KEEPALIVELINK_DOWN· 335

DRNI_KEEPALIVELINK_UP· 335

DRNI_SECONDARY_MADDOWN· 335

DRNI_SYSEVENT_DEVICEROLE_CHANGE· 336

DRNI_SYSEVENT_MAC_CHANGE· 336

DRNI_SYSEVENT_NUMBER_CHANGE· 336

DRNI_SYSEVENT_PRIORITY_CHANGE· 337

DRVPLAT messages· 337

DrvDebug· 337

EDEV messages· 364

ALARM_IN_REMOVED·· 364

ALARM_IN_REPORTED·· 364

EDEV_BOOTROM_UPDATE_FAILED·· 365

EDEV_BOOTROM_UPDATE_SUCCESS· 365

EDEV_FAILOVER_GROUP_STATE_CHANGE· 365

ERPS messages· 366

ERPS_STATE_CHANGED·· 366

ETH messages· 366

ETH_SET_MAC_FAILED·· 366

ETHOAM messages· 366

ETHOAM_CONNECTION_FAIL_DOWN· 367

ETHOAM_CONNECTION_FAIL_TIMEOUT· 367

ETHOAM_CONNECTION_FAIL_UNSATISF· 367

ETHOAM_CONNECTION_SUCCEED·· 368

ETHOAM_DISABLE· 368

ETHOAM_DISCOVERY_EXIT· 368

ETHOAM_ENABLE· 369

ETHOAM_ENTER_LOOPBACK_CTRLLED·· 369

ETHOAM_ENTER_LOOPBACK_CTRLLING·· 369

ETHOAM_LOCAL_DYING_GASP· 370

ETHOAM_LOCAL_ERROR_FRAME· 370

ETHOAM_LOCAL_ERROR_FRAME_PERIOD·· 370

ETHOAM_LOCAL_ERROR_FRAME_SECOND·· 371

ETHOAM_LOCAL_ERROR_SYMBOL· 371

ETHOAM_LOCAL_LINK_FAULT· 371

ETHOAM_LOOPBACK_EXIT· 372

ETHOAM_LOOPBACK_EXIT_ERROR_STATU· 372

ETHOAM_LOOPBACK_NO_RESOURCE· 372

ETHOAM_LOOPBACK_NOT_SUPPORT· 373

ETHOAM_QUIT_LOOPBACK_CTRLLED·· 373

ETHOAM_QUIT_LOOPBACK_CTRLLING·· 373

ETHOAM_REMOTE_CRITICAL· 374

ETHOAM_REMOTE_DYING_GASP· 374

ETHOAM_REMOTE_ERROR_FRAME· 374

ETHOAM_REMOTE_ERROR_FRAME_PERIOD·· 375

ETHOAM_REMOTE_ERROR_FRAME_SECOND·· 375

ETHOAM_REMOTE_ERROR_SYMBOL· 375

ETHOAM_REMOTE_EXIT· 376

ETHOAM_REMOTE_FAILURE_RECOVER· 376

ETHOAM_REMOTE_LINK_FAULT· 376

ETHOAM_NO_ENOUGH_RESOURCE· 377

ETHOAM_NOT_CONNECTION_TIMEOUT· 377

EVB messages· 377

EVB_AGG_FAILED·· 378

EVB_LICENSE_EXPIRE· 378

EVB_VSI_OFFLINE· 378

EVB_VSI_ONLINE· 379

EVIISIS messages· 379

EVIISIS_LICENSE_EXPIRED·· 379

EVIISIS_LICENSE_EXPIRED_TIME· 379

EVIISIS_LICENSE_UNAVAILABLE· 380

EVIISIS_NBR_CHG·· 380

FCLINK messages· 380

FCLINK_FDISC_REJECT_NORESOURCE· 381

FCLINK_FLOGI_REJECT_NORESOURCE· 381

FCOE messages· 381

FCOE_INTERFACE_NOTSUPPORT_FCOE· 382

FCOE_LAGG_BIND_ACTIVE· 382

FCOE_LAGG_BIND_DEACTIVE· 383

FCZONE messages· 383

FCZONE_DISTRIBUTE_FAILED·· 384

FCZONE_HARDZONE_DISABLED·· 384

FCZONE_HARDZONE_ENABLED·· 385

FCZONE_ISOLATE_ALLNEIGHBOR· 385

FCZONE_ISOLATE_CLEAR_VSAN· 386

FCZONE_ISOLATE_CLEAR_ALLVSAN· 386

FCZONE_ISOLATE_NEIGHBOR· 386

FIB messages· 387

FIB_FILE· 387

FILTER messages· 387

FILTER_EXECUTION_ICMP· 388

FILTER_EXECUTION_ICMPV6· 389

FILTER_IPV4_EXECUTION· 390

FILTER_IPV6_EXECUTION· 391

FIPSNG messages· 391

FIPSNG_HARD_RESOURCE_NOENOUGH· 391

FIPSNG_HARD_RESOURCE_RESTORE· 392

FS messages· 392

FS_UNFORMATTED_PARTITION· 392

FTPD messages· 392

FTP_ACL_DENY· 393

FTPD_REACH_SESSION_LIMIT· 393

FTPD_AUTHOR_FAILED·· 393

gRPC messages· 394

GRPC_LOGIN· 394

GRPC_LOGIN_FAILED·· 394

GRPC_LOGOUT· 395

GRPC_SERVER_FAILED·· 395

GRPC_SUBSCRIBE_EVENT_FAILED·· 395

GRPC_RECEIVE_SUBSCRIPTION· 396

HA messages· 396

HA_BATCHBACKUP_FINISHED·· 396

HA_BATCHBACKUP_STARTED·· 396

HA_STANDBY_NOT_READY· 397

HA_STANDBY_TO_MASTER· 397

HQOS messages· 397

HQOS_DP_SET_FAIL· 397

HQOS_FP_SET_FAIL· 398

HQOS_POLICY_APPLY_FAIL· 398

HQOS_POLICY_APPLY_FAIL· 399

HTTPD messages· 399

HTTPD_CONNECT· 399

HTTPD_CONNECT_TIMEOUT· 400

HTTPD_DISCONNECT· 400

HTTPD_FAIL_FOR_ACL· 400

HTTPD_FAIL_FOR_ACP· 401

HTTPD_REACH_CONNECT_LIMIT· 401

IFNET messages· 401

IF_BUFFER_CONGESTION_OCCURRENCE· 402

IF_BUFFER_CONGESTION_CLEAR· 402

IF_JUMBOFRAME_WARN· 403

INTERFACE_NOTSUPPRESSED·· 403

INTERFACE_SUPPRESSED·· 403

LINK_UPDOWN· 404

PHY_UPDOWN· 404

PROTOCOL_UPDOWN· 404

TUNNEL_LINK_UPDOWN· 405

TUNNEL_PHY_UPDOWN· 405

VLAN_MODE_CHANGE· 405

IKE messages· 405

IKE_P1_SA_ESTABLISH_FAIL· 406

IKE_P2_SA_ESTABLISH_FAIL· 407

IKE_P2_SA_TERMINATE· 407

IKE_VERIFY_CERT_FAIL· 408

IP6ADDR·· 409

IP6ADDR_CREATEADDRESS_ERROR· 409

IP6ADDR_FUNCTION_FAIL· 410

IPADDR messages· 410

IPADDR_HA_EVENT_ERROR· 411

IPADDR_HA_STOP_EVENT· 412

IPFW··· 412

IPFW_FAILURE· 412

IPSEC messages· 412

IPSEC_FAILED_ADD_FLOW_TABLE· 413

IPSEC_PACKET_DISCARDED·· 413

IPSEC_SA_ESTABLISH· 414

IPSEC_SA_ESTABLISH_FAIL· 414

IPSEC_SA_INITINATION· 415

IPSEC_SA_TERMINATE· 415

IPSG messages· 415

IPSG_ADDENTRY_ERROR· 416

IPSG_DELENTRY_ERROR· 417

IPSG_ADDEXCLUDEDVLAN_ERROR· 418

IPSG_DELEXCLUDEDVLAN_ERROR· 419

IRDP messages· 419

IRDP_EXCEED_ADVADDR_LIMIT· 419

IRF· 420

IRF_LINK_BLOCK· 420

IRF_LINK_DOWN· 420

IRF_LINK_UP· 420

IRF_MEMBERID_CONFLICT· 421

IRF_MERGE· 421

IRF_MERGE_NEED_REBOOT· 421

IRF_MERGE_NOT_NEED_REBOOT· 422

ISIS messages· 422

ISIS_LSP_CONFLICT· 422

ISIS_MEM_ALERT· 423

ISIS_NBR_CHG·· 423

ISSU messages· 423

ISSU_LOAD_FAILED·· 424

ISSU_LOAD_SUCCESS· 424

ISSU_PROCESSWITCHOVER· 424

ISSU_ROLLBACKCHECKNORMAL· 425

L2PT messages· 425

L2PT_SET_MULTIMAC_FAILED·· 425

L2PT_CREATE_TUNNELGROUP_FAILED·· 425

L2PT_ADD_GROUPMEMBER_FAILED·· 426

L2PT_ENABLE_DROP_FAILED·· 426

L2TPv2 messages· 426

L2TPV2_TUNNEL_EXCEED_LIMIT· 427

L2TPV2_SESSION_EXCEED_LIMIT· 427

L2VPN messages· 427

L2VPN_BGPVC_CONFLICT_LOCAL· 428

L2VPN_BGPVC_CONFLICT_REMOTE· 428

L2VPN_HARD_RESOURCE_NOENOUGH· 428

L2VPN_HARD_RESOURCE_RESTORE· 429

L2VPN_LABEL_DUPLICATE· 429

LAGG messages· 429

LAGG_ACTIVE· 430

LAGG_AUTO_AGGREGATION· 430

LAGG_INACTIVE_AICFG·· 431

LAGG_INACTIVE_BFD·· 431

LAGG_INACTIVE_CONFIGURATION· 432

LAGG_INACTIVE_DUPLEX· 432

LAGG_INACTIVE_HARDWAREVALUE· 433

LAGG_INACTIVE_LOWER_LIMIT· 433

LAGG_INACTIVE_PARTNER· 434

LAGG_INACTIVE_PHYSTATE· 434

LAGG_INACTIVE_RESOURCE_INSUFICIE· 435

LAGG_INACTIVE_SPEED·· 435

LAGG_INACTIVE_UPPER_LIMIT· 436

LAGG_SELECTPORT_INCONSISTENT· 436

LDP messages· 436

LDP_MPLSLSRID_CHG·· 437

LDP_SESSION_CHG·· 438

LDP_SESSION_GR· 439

LDP_SESSION_SP· 439

LLDP messages· 440

LLDP_CREATE_NEIGHBOR· 440

LLDP_DELETE_NEIGHBOR· 441

LLDP_LESS_THAN_NEIGHBOR_LIMIT· 441

LLDP_NEIGHBOR_AGE_OUT· 442

LLDP_NEIGHBOR_PROTECTION_BLOCK· 442

LLDP_NEIGHBOR_PROTECTION_DOWN· 443

LLDP_NEIGHBOR_PROTECTION_UNBLOCK· 443

LLDP_NEIGHBOR_PROTECTION_UP· 443

LLDP_PVID_INCONSISTENT· 444

LLDP_REACH_NEIGHBOR_LIMIT· 444

LOAD messages· 444

BOARD_LOADING·· 445

LOAD_FAILED·· 445

LOAD_FINISHED·· 445

LOGIN messages· 446

LOGIN_FAILED·· 446

LOGIN_ INVALID_USERNAME_PWD·· 446

LPDT messages· 446

LPDT_LOOPED·· 447

LPDT_RECOVERED·· 447

LPDT_VLAN_LOOPED·· 447

LPDT_VLAN_RECOVERED·· 448

LS messages· 448

LS_ADD_USER_TO_GROUP· 448

LS_AUTHEN_FAILURE· 449

LS_AUTHEN_SUCCESS· 449

LS_DEL_USER_FROM_GROUP· 450

LS_DELETE_PASSWORD_FAIL· 450

LS_PWD_ADDBLACKLIST· 450

LS_PWD_CHGPWD_FOR_AGEDOUT· 451

LS_PWD_CHGPWD_FOR_AGEOUT· 451

LS_PWD_CHGPWD_FOR_COMPOSITION· 451

LS_PWD_CHGPWD_FOR_FIRSTLOGIN· 452

LS_PWD_CHGPWD_FOR_LENGTH· 452

LS_PWD_FAILED2WRITEPASS2FILE· 452

LS_PWD_MODIFY_FAIL· 453

LS_PWD_MODIFY_SUCCESS· 453

LS_REAUTHEN_FAILURE· 454

LS_UPDATE_PASSWORD_FAIL· 454

LS_USER_CANCEL· 454

LS_USER_PASSWORD_EXPIRE· 455

LS_USER_ROLE_CHANGE· 455

LSPV messages· 455

LSPV_PING_STATIS_INFO·· 456

MAC messages· 456

MAC_DRIVER_ADD_ENTRY· 456

MAC_PROTOCOLPKT_NORES_GLOBAL· 457

MAC_PROTOCOLPKT_NORES_PORT· 457

MAC_PROTOCOLPKT_NORES_VLAN· 458

MAC_TABLE_FULL_GLOBAL· 458

MAC_TABLE_FULL_PORT· 458

MAC_TABLE_FULL_VLAN· 459

MAC_VLAN_LEARNLIMIT_NORESOURCE· 459

MAC_VLAN_LEARNLIMIT_NOTSUPPORT· 459

MACA messages· 459

MACA_ENABLE_NOT_EFFECTIVE· 460

MACA_LOGIN_FAILURE· 460

MACA_LOGIN_SUCC· 461

MACA_LOGIN_SUCC (in open mode) 461

MACA_LOGOFF· 462

MACA_LOGOFF (in open mode) 462

MACSEC messages· 462

MACSEC_MKA_KEEPALIVE_TIMEOUT· 463

MACSEC_MKA_PRINCIPAL_ACTOR· 463

MACSEC_MKA_SAK_REFRESH· 463

MACSEC_MKA_SESSION_REAUTH· 464

MACSEC_MKA_SESSION_SECURED·· 464

MACSEC_MKA_SESSION_START· 465

MACSEC_MKA_SESSION_STOP· 465

MACSEC_MKA_SESSION_UNSECURED·· 466

MBFD messages· 466

MBFD_TRACEROUTE_FAILURE· 466

MBUF messages· 467

MBUF_DATA_BLOCK_CREATE_FAIL· 467

MDC messages· 467

MDC_CREATE_ERR· 468

MDC_CREATE· 468

MDC_DELETE· 468

MDC_KERNEL_EVENT_TOOLONG·· 469

MDC_LICENSE_EXPIRE· 469

MDC_NO_FORMAL_LICENSE· 469

MDC_NO_LICENSE_EXIT· 470

MDC_OFFLINE· 470

MDC_ONLINE· 470

MDC_STATE_CHANGE· 471

MFIB messages· 471

MFIB_MEM_ALERT· 471

MGROUP messages· 471

MGROUP_APPLY_SAMPLER_FAIL· 472

MGROUP_RESTORE_CPUCFG_FAIL· 472

MGROUP_RESTORE_GROUP_FAIL· 473

MGROUP_RESTORE_IFCFG_FAIL· 473

MGROUP_SYNC_CFG_FAIL· 474

MPLS messages· 474

MPLS_HARD_RESOURCE_NOENOUGH· 474

MPLS_HARD_RESOURCE_RESTORE· 474

MTLK messages· 475

MTLK_UPLINK_STATUS_CHANGE· 475

NAT messages· 475

NAT_ADDR_BIND_CONFLICT· 475

NAT_FAILED_ADD_FLOW_RULE· 476

NAT_FAILED_ADD_FLOW_TABLE· 476

NAT_FLOW·· 477

NAT_SERVER_INVALID·· 478

NAT_SERVICE_CARD_RECOVER_FAILURE· 479

ND messages· 479

ND_COMMONPROXY_ENABLE_FAILED·· 480

ND_CONFLICT· 480

ND_DUPADDR· 480

ND_HOST_IP_CONFLICT· 481

ND_LOCALPROXY_ENABLE_FAILED·· 481

ND_MAC_CHECK· 482

ND_NETWORKROUTE_DUPLICATE· 482

ND_RAGUARD_DROP· 483

ND_SET_PORT_TRUST_NORESOURCE· 483

ND_SET_VLAN_REDIRECT_NORESOURCE· 483

ND_USER_DUPLICATE_IPV6ADDR· 484

ND_USER_MOVE· 485

ND_USER_OFFLINE· 485

ND_USER_ONLINE· 486

NETCONF messages· 486

CLI 486

EDIT-CONFIG·· 487

NETCONF_MSG_DEL· 488

THREAD·· 488

NQA messages· 488

NQA_LOG_UNREACHABLE· 488

NTP messages· 489

NTP_CLOCK_CHANGE· 489

NTP_LEAP_CHANGE· 489

NTP_SOURCE_CHANGE· 490

NTP_SOURCE_LOST· 490

NTP_STRATUM_CHANGE· 490

OAP messages· 491

OAP_CLIENT_DEREG·· 491

OAP_CLIENT_TIMEOUT· 491

OBJP messages· 491

OBJP_ACCELERATE_NO_RES· 492

OBJP_ACCELERATE_NOT_SUPPORT· 492

OBJP_ACCELERATE_UNK_ERR· 492

OFP messages· 493

OFP_ACTIVE· 493

OFP_ACTIVE_FAILED·· 493

OFP_CONNECT· 493

OFP_FAIL_OPEN· 494

OFP_FLOW_ADD·· 494

OFP_FLOW_ADD_ARP_FAILED·· 495

OFP_FLOW_ADD_DUP· 495

OFP_FLOW_ADD_FAILED·· 496

OFP_FLOW_ADD_FAILED·· 496

OFP_FLOW_ADD_ND_FAILED·· 497

OFP_FLOW_ADD_TABLE_MISS· 497

OFP_FLOW_ADD_TABLE_MISS_FAILED·· 498

OFP_FLOW_DEL· 498

OFP_FLOW_DEL_L2VPN_DISABLE· 499

OFP_FLOW_DEL_TABLE_MISS· 499

OFP_FLOW_DEL_TABLE_MISS_FAILED·· 500

OFP_FLOW_DEL_VXLAN_DEL· 500

OFP_FLOW_MOD·· 501

OFP_FLOW_MOD_FAILED·· 501

OFP_FLOW_MOD_TABLE_MISS· 502

OFP_FLOW_MOD_TABLE_MISS_FAILED·· 502

OFP_FLOW_RMV_GROUP· 503

OFP_FLOW_RMV_HARDTIME· 503

OFP_FLOW_RMV_IDLETIME· 503

OFP_FLOW_RMV_METER· 504

OFP_FLOW_UPDATE_FAILED·· 504

OFP_GROUP_ADD·· 505

OFP_GROUP_ADD_FAILED·· 505

OFP_GROUP_DEL· 506

OFP_GROUP_MOD·· 506

OFP_GROUP_MOD_FAILED·· 507

OFP_GROUP_REFRESH_FAILED·· 507

OFP_GROUP_ROLLBACK_FAILED·· 507

OFP_METER_ADD·· 508

OFP_METER_ADD_FAILED·· 508

OFP_METER_DEL· 509

OFP_METER_MOD·· 509

OFP_METER_MOD_FAILED·· 510

OFP_MISS_RMV_GROUP· 510

OFP_MISS_RMV_HARDTIME· 510

OFP_MISS_RMV_IDLETIME· 511

OFP_MISS_RMV_METER· 511

OFP_RADARDETECTION· 511

PORT_MOD·· 512

OPENSRC (FreeRADIUS) messages· 513

HUP event 513

Process restart event 514

Process start event 514

User authentication· 515

OPTMOD messages· 517

BIAS_HIGH· 517

BIAS_LOW·· 518

BIAS_NORMAL· 518

CFG_ERR· 518

CHKSUM_ERR· 519

FIBER_SFP MODULE_INVALID·· 519

FIBER_SFPMODULE_NOWINVALID·· 520

IO_ERR· 520

MOD_ALM_OFF· 520

MOD_ALM_ON· 521

MODULE_IN· 521

MODULE_OUT· 521

PHONY_MODULE· 522

RX_ALM_OFF· 522

RX_ALM_ON· 522

RX_POW_HIGH· 523

RX_POW_LOW·· 523

RX_POW_NORMAL· 523

TEMP_HIGH· 524

TEMP_LOW·· 524

TEMP_NORMAL· 524

TX_ALM_OFF· 525

TX_ALM_ON· 525

TX_POW_HIGH· 525

TX_POW_LOW·· 526

TX_POW_NORMAL· 526

TYPE_ERR· 526

VOLT_HIGH· 527

VOLT_LOW·· 527

VOLT_NORMAL· 527

OSPF messages· 528

OSPF_DUP_RTRID_NBR· 528

OSPF_IP_CONFLICT_INTRA· 528

OSPF_LAST_NBR_DOWN· 529

OSPF_MEM_ALERT· 529

OSPF_NBR_CHG·· 530

OSPF_RT_LMT· 530

OSPF_RTRID_CHG·· 530

OSPF_RTRID_CONFLICT_INTER· 531

OSPF_RTRID_CONFLICT_INTRA· 531

OSPF_VLINKID_CHG·· 531

OSPFV3 messages· 532

OSPFV3_LAST_NBR_DOWN· 532

OSPFV3_MEM_ALERT· 532

OSPFV3_NBR_CHG·· 533

OSPFV3_RT_LMT· 533

PBB messages· 533

PBB_JOINAGG_WARNING·· 534

PBR messages· 534

PBR_HARDWARE_ERROR· 534

PCE messages· 534

PCE_PCEP_SESSION_CHG·· 535

PEX messages (IRF 3) 535

PEX_ASSOCIATEID_MISMATCHING·· 536

PEX_CONFIG_ERROR· 536

PEX_CONNECTION_ERROR· 537

PEX_FORBID_STACK· 537

PEX_LINK_BLOCK· 538

PEX_LINK_DOWN· 539

PEX_LINK_FORWARD·· 539

PEX_REG_JOININ· 540

PEX_REG_LEAVE· 540

PEX_REG_REQUEST· 541

PEX_STACKCONNECTION_ERROR· 541

PEX messages (IRF 3.1) 542

PEX_AUTOCONFIG_BAGG_ASSIGNMEMBER· 542

PEX_AUTOCONFIG_BAGG_CREATE· 542

PEX_AUTOCONFIG_BAGG_NORESOURCE· 542

PEX_AUTOCONFIG_BAGG_REMOVEMEMBER· 543

PEX_AUTOCONFIG_CAPABILITY_ENABLE· 543

PEX_AUTOCONFIG_CASCADELIMIT· 543

PEX_AUTOCONFIG_CONNECTION_ERROR· 544

PEX_AUTOCONFIG_DIFFGROUPNUMBER· 544

PEX_AUTOCONFIG_DYNAMICBAGG_STP· 545

PEX_AUTOCONFIG_GROUP_CREATE· 545

PEX_AUTOCONFIG_NONUMBERRESOURCE· 545

PEX_AUTOCONFIG_NOT_CASCADEPORT· 546

PEX_AUTOCONFIG_NUMBER_ASSIGN· 546

PEX_LLDP_DISCOVER· 547

PEX_MEMBERID_EXCEED·· 547

PEX_PECSP_OPEN_RCVD·· 547

PEX_PECSP_OPEN_SEND·· 548

PEX_PECSP_TIMEOUT· 548

PFILTER messages· 548

PFILTER_GLB_IPV4_DACT_NO_RES· 549

PFILTER_GLB_IPV4_DACT_UNK_ERR· 549

PFILTER_GLB_IPV6_DACT_NO_RES· 550

PFILTER_GLB_IPV6_DACT_UNK_ERR· 550

PFILTER_GLB_MAC_DACT_NO_RES· 551

PFILTER_GLB_MAC_DACT_UNK_ERR· 551

PFILTER_GLB_NO_RES· 552

PFILTER_GLB_NOT_SUPPORT· 552

PFILTER_GLB_ RES_CONFLICT· 553

PFILTER_GLB_UNK_ERR· 553

PFILTER_IF_IPV4_DACT_NO_RES· 554

PFILTER_IF_IPV4_DACT_UNK_ERR· 554

PFILTER_IF_IPV6_DACT_NO_RES· 555

PFILTER_IF_IPV6_DACT_UNK_ERR· 555

PFILTER_IF_MAC_DACT_NO_RES· 556

PFILTER_IF_MAC_DACT_UNK_ERR· 556

PFILTER_IF_NO_RES· 557

PFILTER_IF_NOT_SUPPORT· 557

PFILTER_IF_RES_CONFLICT· 558

PFILTER_IF_UNK_ERR· 558

PFILTER_IPV4_FLOW_INFO·· 559

PFILTER_IPV4_FLOW_STATIS· 559

PFILTER_IPV6_FLOW_INFO·· 560

PFILTER_IPV6_FLOW_STATIS· 560

PFILTER_IPV6_STATIS_INFO·· 561

PFILTER_MAC_FLOW_INFO·· 561

PFILTER_STATIS_INFO·· 562

PFILTER_VLAN_IPV4_DACT_NO_RES· 562

PFILTER_VLAN_IPV4_DACT_UNK_ERR· 563

PFILTER_VLAN_IPV6_DACT_NO_RES· 563

PFILTER_VLAN_IPV6_DACT_UNK_ERR· 564

PFILTER_VLAN_MAC_DACT_NO_RES· 564

PFILTER_VLAN_MAC_DACT_UNK_ERR· 565

PFILTER_VLAN_NO_RES· 565

PFILTER_VLAN_NOT_SUPPORT· 566

PFILTER_VLAN_RES_CONFLICT· 566

PFILTER_VLAN_UNK_ERR· 567

PIM messages· 567

PIM_NBR_DOWN· 567

PIM_NBR_UP· 568

PING messages· 568

PING_STATISTICS· 568

PING_VPN_STATISTICS· 569

PKG messages· 569

PKG_BOOTLOADER_FILE_FAILED·· 569

PKG_BOOTLOADER_FILE_SUCCESS· 570

PKG_INSTALL_ACTIVATE_FAILED·· 570

PKG_INSTALL_ACTIVATE_SUCCESS· 570

PKI messages· 570

GET_CERT_FROM_CA_SERVER_FAIL· 571

IMPORT_CERT_FAIL· 572

REQUEST_CERT_FAIL· 573

REQUEST_CERT_SUCCESS· 574

RETRIEVE_CRL_FAIL· 575

VALIDATE_CERT_FAIL· 576

PKT2CPU messages· 577

PKT2CPU_NO_RESOURCE· 578

Portal messages· 578

PORTAL_RULE_FAILED·· 578

PORTSEC messages· 579

PORTSEC_ACL_FAILURE· 579

PORTSEC_CAR_FAILURE· 579

PORTSEC_CREATEAC_FAILURE· 580

PORTSEC_LEARNED_MACADDR· 580

PORTSEC_NTK_NOT_EFFECTIVE· 581

PORTSEC_PORTMODE_NOT_EFFECTIVE· 581

PORTSEC_PROFILE_FAILURE· 581

PORTSEC_URL_FAILURE· 582

PORTSEC_VIOLATION· 582

PORTSEC_VLANMACLIMIT· 583

QOS messages· 583

MIRROR_SYNC_CFG_FAIL· 583

QOS_CAR_APPLYUSER_FAIL· 584

QOS_CBWFQ_REMOVED·· 584

QOS_GTS_APPLYUSER_FAIL· 585

QOS_LR_APPLYIF_FAIL· 585

QOS_NOT_ENOUGH_BANDWIDTH· 586

QOS_NOT_ENOUGH_NNIBANDWIDTH· 586

QOS_POLICY_APPLYCOPP_CBFAIL· 587

QOS_POLICY_APPLYCOPP_FAIL· 587

QOS_POLICY_APPLYGLOBAL_CBFAIL· 588

QOS_POLICY_APPLYGLOBAL_FAIL· 588

QOS_POLICY_APPLYIF_CBFAIL· 589

QOS_POLICY_APPLYIF_FAIL· 589

QOS_POLICY_APPLYUSER_FAIL· 590

QOS_POLICY_APPLYVLAN_CBFAIL· 590

QOS_POLICY_APPLYVLAN_FAIL· 591

QOS_QMPROFILE_APPLYIF_FAIL· 591

QOS_QMPROFILE_APPLYUSER_FAIL· 592

QOS_QMPROFILE_MODIFYQUEUE_FAIL· 592

QOS_QUEUE_APPLYIF_FAIL· 593

QOS_UNI_RESTORE_FAIL· 593

WRED_TABLE_CFG_FAIL· 593

RADIUS messages· 594

RADIUS_AUTH_FAILURE· 594

RADIUS_AUTH_SUCCESS· 594

RADIUS_DELETE_HOST_FAIL· 594

RDDC messages· 595

RDDC_ACTIVENODE_CHANGE· 595

RESMON·· 595

RESMON_MINOR· 596

RESMON_MINOR_RECOVERY· 596

RESMON_SEVERE· 597

RESMON_SEVERE_RECOVERY· 597

RESMON_USEDUP· 598

RESMON_USEDUP_RECOVERY· 598

RIP messages· 598

RIP_MEM_ALERT· 599

RIP_RT_LMT· 599

RIPNG messages· 599

RIPNG_MEM_ALERT· 599

RIPNG_RT_LMT· 600

RM messages· 600

RM_ACRT_REACH_LIMIT· 600

RM_ACRT_REACH_THRESVALUE· 601

RM_THRESHLD_VALUE_REACH· 601

RM_TOTAL_THRESHLD_VALUE_REACH· 601

RPR messages· 602

RPR_EXCEED_MAX_SEC_MAC· 602

RPR_EXCEED_MAX_SEC_MAC_OVER· 602

RPR_EXCEED_MAX_STATION· 603

RPR_EXCEED_MAX_STATION_OVER· 603

RPR_EXCEED_RESERVED_RATE· 603

RPR_EXCEED_RESERVED_RATE_OVER· 604

RPR_IP_DUPLICATE· 604

RPR_IP_DUPLICATE_OVER· 604

RPR_JUMBO_INCONSISTENT· 605

RPR_JUMBO_INCONSISTENT_OVER· 605

RPR_LAGGCONFIG_INCONSISTENT· 605

RPR_LAGGCONFIG_INCONSISTENT_OVER· 606

RPR_MISCABLING·· 606

RPR_MISCABLING_OVER· 606

RPR_PROTECTION_INCONSISTENT· 607

RPR_PROTECTION_INCONSISTENT_OVER· 607

RPR_SEC_MAC_DUPLICATE· 607

RPR_SEC_MAC_DUPLICATE_OVER· 608

RPR_TOPOLOGY_INCONSISTENT· 608

RPR_TOPOLOGY_INCONSISTENT_OVER· 608

RPR_TOPOLOGY_INSTABILITY· 609

RPR_TOPOLOGY_INSTABILITY_OVER· 609

RPR_TOPOLOGY_INVALID·· 609

RPR_TOPOLOGY_INVALID_OVER· 610

RRPP messages· 610

RRPP_RING_FAIL· 610

RRPP_RING_RESTORE· 610

RTM messages· 610

RTM_TCL_NOT_EXIST· 611

RTM_TCL_MODIFY· 611

RTM_TCL_LOAD_FAILED·· 611

SCMD messages· 611

PROCESS_ABNORMAL· 612

PROCESS_ACTIVEFAILED·· 613

SCM_ABNORMAL_REBOOT· 613

SCM_ABNORMAL_REBOOTMDC· 614

SCM_ABORT_RESTORE· 614

SCM_INSMOD_ADDON_TOOLONG·· 615

SCM_KERNEL_INIT_TOOLONG·· 615

SCM_KILL_PROCESS· 616

SCM_PROCESS_STARTING_TOOLONG·· 617

SCM_PROCESS_STILL_STARTING·· 618

SCM_SKIP_PROCESS· 618

SCRLSP messages· 619

SCRLSP_LABEL_DUPLICATE· 619

SESSION messages· 619

SESSION_IPV4_FLOW·· 620

SESSION_IPV6_FLOW·· 621

SFLOW messages· 622

SFLOW_HARDWARE_ERROR· 622

SHELL messages· 622

SHELL_CMD·· 623

SHELL_CMD_CONFIRM·· 623

SHELL_CMD_EXECUTEFAIL· 623

SHELL_CMD_INPUT· 624

SHELL_CMD_INPUT_TIMEOUT· 624

SHELL_CMD_INVALID_CHARACTER· 624

SHELL_CMD_MATCHFAIL· 625

SHELL_CMDDENY· 625

SHELL_CMDFAIL· 625

SHELL_COMMIT· 626

SHELL_COMMIT_DELAY· 626

SHELL_COMMIT_REDELAY· 626

SHELL_COMMIT_ROLLBACK· 627

SHELL_COMMIT_ROLLBACKDONE· 627

SHELL_COMMIT_WILLROLLBACK· 627

SHELL_CRITICAL_CMDFAIL· 628

SHELL_LOGIN· 628

SHELL_LOGOUT· 628

SLSP messages· 629

SLSP_LABEL_DUPLICATE· 629

SMLK messages· 629

SMLK_LINK_SWITCH· 629

SNMP messages· 629

SNMP_ACL_RESTRICTION· 630

SNMP_AUTHENTICATION_FAILURE· 630

SNMP_GET· 630

SNMP_INFORM_LOST· 631

SNMP_NOTIFY· 632

SNMP_SET· 633

SNMP_USM_NOTINTIMEWINDOW·· 633

SSHC messages· 633

SSHC_ALGORITHM_MISMATCH· 634

SSHC_AUTH_PASSWORD_FAIL· 634

SSHC_AUTH_PUBLICKEY_FAIL· 634

SSHC_CERT_VERIFY_FAIL· 635

SSHC_CONNECT_FAIL· 636

SSHC_DECRYPT_FAIL· 636

SSHC_DISCONNECT· 637

SSHC_ENCRYPT_FAIL· 637

SSHC_HOST_NAME_ERROR· 637

SSHC_KEY_EXCHANGE_FAIL· 638

SSHC_MAC_ERROR· 638

SSHC_PUBLICKEY_NOT_EXIST· 638

SSHC_VERSION_MISMATCH· 639

SSHS messages· 639

SSHS_ACL_DENY· 639

SSHS_ALGORITHM_MISMATCH· 639

SSHS_AUTH_EXCEED_RETRY_TIMES· 640

SSHS_AUTH_FAIL· 640

SSHS_AUTH_KBDINT_FAIL· 640

SSHS_AUTH_PWD_FAIL· 641

SSHS_AUTH_TIMEOUT· 641

SSHS_AUTH_SUCCESS· 641

SSHS_AUTHOR_FAIL· 642

SSHS_CERT_VERIFY_FAIL· 643

SSHS_CONNECT· 644

SSHS_DECRYPT_FAIL· 644

SSHS_DISCONNECT· 645

SSHS_ENCRYPT_FAIL· 645

SSHS_LOG·· 645

SSHS_MAC_ERROR· 646

SSHS_REACH_SESSION_LIMIT· 646

SSHS_REACH_USER_LIMIT· 646

SSHS_SCP_OPER· 647

SSHS_SFTP_OPER· 647

SSHS_SRV_UNAVAILABLE· 648

SSHS_VERSION_MISMATCH· 648

STM messages· 648

STM_AUTO_UPDATE_FAILED·· 649

STM_AUTO_UPDATE_FINISHED·· 650

STM_AUTO_UPDATING·· 650

STM_LINK_DOWN· 651

STM_LINK_TIMEOUT· 651

STM_LINK_UP· 651

STM_MERGE· 652

STM_MERGE_NEED_REBOOT· 652

STM_MERGE_NOT_NEED_REBOOT· 652

STM_SAMEMAC· 653

STM_SOMER_CHECK· 653

STP messages· 653

STP_BPDU_PROTECTION· 653

STP_BPDU_RECEIVE_EXPIRY· 654

STP_CONSISTENCY_RESTORATION· 654

STP_DETECTED_TC· 654

STP_DISABLE· 655

STP_DISCARDING·· 655

STP_DISPUTE· 655

STP_ENABLE· 656

STP_FORWARDING·· 656

STP_LOOP_PROTECTION· 656

STP_LOOPBACK_PROTECTION· 657

STP_NOT_ROOT· 657

STP_NOTIFIED_TC· 657

STP_PORT_TYPE_INCONSISTENCY· 658

STP_PVID_INCONSISTENCY· 658

STP_PVST_BPDU_PROTECTION· 658

STP_ROOT_PROTECTION· 659

SYSLOG messages· 659

SYSLOG_LOGBUFFER_FAILURE· 659

SYSLOG_LOGFILE_FULL· 659

SYSLOG_NO_SPACE· 660

SYSLOG_RESTART· 660

SYSLOG_RTM_EVENT_BUFFER_FULL· 660

TACACS messages· 661

TACACS_AUTH_FAILURE· 661

TACACS_AUTH_SUCCESS· 661

TACACS_DELETE_HOST_FAIL· 661

TELNETD messages· 662

TELNETD_ACL_DENY· 662

TELNETD_REACH_SESSION_LIMIT· 662

TRILL messages· 662

TRILL_DUP_SYSTEMID·· 663

TRILL_INTF_CAPABILITY· 663

TRILL_LICENSE_EXPIRED·· 663

TRILL_LICENSE_EXPIRED_TIME· 664

TRILL_LICENSE_UNAVAILABLE· 664

TRILL_MEM_ALERT· 664

TRILL_NBR_CHG·· 665

VCF messages· 665

VCF_AGGR_CREAT· 665

VCF_AGGR_DELETE· 666

VCF_AGGR_FAILED·· 666

VCF_AUTO_ANALYZE_USERDEF· 666

VCF_AUTO_NO_USERDEF· 667

VCF_AUTO_START· 667

VCF_AUTO_STATIC_CMD·· 668

VCF_BGP· 668

VCF_DOWN_LINK· 669

VCF_GET_IMAGE· 669

VCF_GET_TEMPLATE· 670

VCF_INSTALL_IMAGE· 670

VCF_IRF_FINISH· 670

VCF_IRF_FOUND·· 671

VCF_IRF_REBOOT· 671

VCF_IRF_START· 672

VCF_LOOPBACK_START· 672

VCF_LOOPBACK_START_FAILED·· 673

VCF_LOOPBACK_ALLOC· 673

VCF_LOOPBACK_NO_FREE_IP· 674

VCF_LOOPBACK_RECLAIM·· 674

VCF_REBOOT· 675

VCF_SKIP_INSTALL· 675

VCF_STATIC_CMD_ERROR· 675

VCF_UP_LINK· 676

VLAN messages· 676

VLAN_CREATEFAIL· 676

VLAN_FAILED·· 677

VLAN_QINQETHTYPE_FAILED·· 677

VLAN_VLANMAPPING_FAILED·· 677

VLAN_VLANTRANSPARENT_FAILED·· 678

VRRP messages· 678

VRRP_STATUS_CHANGE· 679

VRRP_VF_STATUS_CHANGE· 680

VRRP_VMAC_INEFFECTIVE· 680

VSRP messages· 680

VSRP_BIND_FAILED·· 681

VXLAN messages· 681

VXLAN_LICENSE_UNAVAILABLE· 681

 


Introduction

This document includes system messages for the Comware 7 software platform. Some messages might not be available on the device.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

·     Log host (RFC 3164-compliant format):

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

·     Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

Table 1 System log message elements

Element

Description

<PRI>

Priority identifier. This element is contained only in messages sent to the log host.

It is calculated by using the following formula:

Priority identifier=facilityx8+severity

Where:

·     Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages.

·     Severity represents the importance of the message. For more information about severity levels, see Table 2.

Prefix

Message type identifier. This element is contained only in messages sent to non-log-host destinations.

This element uses the following symbols to indicate message severity:

·     Percentage sign (%)—Informational and higher levels.

·     Asterisk (*)—Debug level.

TIMESTAMP

Date and time when the event occurred.

The following are commands for configuring the timestamp format:

·     Log host—Use the info-center timestamp loghost command.

·     Non-log-host destinations—Use the info-center timestamp command.

Sysname

Name or IP address of the device that generated the message.

%%vendor

Manufacturer flag. This element is %%10 for H3C.

This element is contained only in messages sent to the log host.

MODULE

Name of the module that produced the message.

severity

Severity level of the message. (For more information about severity levels, see Table 2.)

MNEMONIC

Text string that uniquely identifies the system message. The maximum length is 32 characters.

location

Optional. This field is contained only in messages sent to the log host.

This element presents location information about the message in the following format:

-attribute1=x-attribute2=y…-attributeN=z

A location might be a chassis number, slot number, source IP address, or any other location type defined in the module that produced the message.

This element is separated from the CONTENT element by using a semicolon (;).

CONTENT

A description of the event or error.

For variable fields in this element, this document uses the representations in Table 3.

 

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.

Table 2 System log message severity levels

Level

Severity

Description

0

Emergency

The system is unusable. For example, the system authorization has expired.

1

Alert

Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.

2

Critical

Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.

3

Error

Error condition. For example, the link state changes or a storage card is unplugged.

4

Warning

Warning condition. For example, an interface is disconnected, or the memory resources are used up.

5

Notification (Notice in RFC 3164)

Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.

6

Informational

Informational message. For example, a command or a ping operation is executed.

7

Debug

Debugging message.

 

For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.

Table 3 Variable field representations

Representation

Information type

INT16

Signed 16-bit decimal number.

UINT16

Unsigned 16-bit decimal number.

INT32

Signed 32-bit decimal number.

UINT32

Unsigned 32-bit decimal number.

INT64

Signed 64-bit decimal number.

UINT64

Unsigned 64-bit decimal number.

DOUBLE

Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER].

HEX

Hexadecimal number.

CHAR

Single character.

STRING

Character string.

IPADDR

IP address.

MAC

MAC address.

DATE

Date.

TIME

Time.

 

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, log buffer, monitor terminal, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the network management and monitoring configuration guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, or VTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:

·     To display log messages on the monitor terminal, you must configure the terminal monitor command.

·     For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

 

 

NOTE:

Settings for the terminal logging level and info-center source commands take effect only on the current login session. The default settings for the commands restore at a relogin.

 

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.

To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.

To view the contents of the log file on the device, use the more command.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.

Software module list

Table 4 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.

Table 4 Software module list

Module name representation

Module name expansion

AAA

Authentication, Authorization and Accounting

ACL

Access Control List

ANCP

Access Node Control Protocol

APMGR

Access Point Management

ARP

Address Resolution Protocol

ATK

ATK Detect and Defense

ATM

Asynchronous Transfer Mode

BFD

Bidirectional Forwarding Detection

BGP

Border Gateway Protocol

BLS

Blacklist

CFD

Connectivity Fault Detection

CFGMAN

Configuration Management

CONNLMT

Connect Limit

DEV

Device Management

DHCP

Dynamic Host Configuration Protocol

DHCPR

IPv4 DHCP Relay

DHCPS

IPv4 DHCP Server

DHCPS6

IPv6 DHCP Server

DHCPSP4

IPv4 DHCP snooping

DHCPSP6

IPv6 DHCP snooping

DIAG

Diagnosis

DLDP

Device Link Detection Protocol

DOT1X

802.1X

DRNI

Distributed Resilient Network Interconnect

DRVPLAT

Drive Plat

EDEV

Extender Device Management

ERPS

Ethernet Ring Protection Switching

ETH

Ethernet

ETHOAM

Ethernet Operation, Administration and Maintenance

EVB

Ethernet Virtual Bridging

EVIISIS

Ethernet Virtual Interconnect Intermediate System-to-Intermediate System

FCOE

Fibre Channel Over Ethernet

FCLINK

Fibre Channel Link

FCZONE

Fibre Channel Zone

FIB

Forwarding Information Base

FILTER

Filter

FIPSNG

FIP Snooping

FS

File System

FTPD

File Transfer Protocol Daemon

gRPC

Google Remote Procedure Call

HA

High Availability

HQOS

Hierarchical QoS

HTTPD

Hypertext Transfer Protocol Daemon

IFNET

Interface Net Management

IKE

Internet Key Exchange

IP6ADDR

IPv6 address

IPADDR

IP address

IPFW

IP Forwarding

IPSEC

IP Security

IPSG

IP Source Guard

IRDP

ICMP Router Discovery Protocol

IRF

Intelligent Resilient Framework

ISIS

Intermediate System-to-Intermediate System

ISSU

In-Service Software Upgrade

L2PT

Layer 2 Protocol Tunneling

L2TPV2

Layer 2 Tunneling Protocol Version 2

L2VPN

Layer 2 VPN

LAGG

Link Aggregation

LDP

Label Distribution Protocol

LLDP

Link Layer Discovery Protocol

LOAD

Load Management

LOGIN

Login

LPDT

Loopback Detection

LS

Local Server

LSPV

LSP Verification

MAC

Media Access Control

MACA

MAC Authentication

MACSEC

MAC Security

MBFD

MPLS BFD

MBUF

Memory buffer

MDC

Multitenant Device Context

MFIB

Multicast Forwarding Information Base

MGROUP

Mirroring group

MPLS

Multiprotocol Label Switching

MTLK

Monitor Link

NAT

Network Address Translate

NETCONF

Network Configuration Protocol

ND

Neighbor Discovery

NQA

Network Quality Analyzer

NTP

Network Time Protocol

OAP

Open Application Platform

OPENSRC(FreeRADIUS)

Open Source

OBJP

Object Policy

OFP

OpenFlow Protocol

OPTMOD

Optical Module

OSPF

Open Shortest Path First

OSPFV3

Open Shortest Path First Version 3

PKTCPT

Packet Capture

PFILTER

Packet Filter

PBB

Provider Backbone Bridge

PBR

Policy Based Route

PCE

Path Computation Element

PEX

Port Extender

PIM

Protocol Independent Multicast

PING

Packet Internet Groper

PKG

Package

PKI

Public Key Infrastructure

PKT2CPU

Packet to CPU

PORTAL

Portal

PORTSEC

Port Security

PPP

Point to Point Protocol

PWDCTL

Password Control

QOS

Quality of Service

RADIUS

Remote Authentication Dial In User Service

RESMON

RESOURCE MONITER

RDDC

Redundancy

RIP

Routing Information Protocol

RIPNG

Routing Information Protocol Next Generation

RM

Routing Management

RPR

Resilient Packet Ring

RRPP

Rapid Ring Protect Protocol

RTM

Real-Time Management

SCMD

Service Control Manager

SCRLSP

Static CRLSP

SESSION

Session

SFLOW

Sampler Flow

SHELL

Shell

SLSP

Static LSP

SMLK

Smart Link

SNMP

Simple Network Management Protocol

SSHC

Secure Shell Client

SSHS

Secure Shell Server

STAMGR

Station Management

STM

Stack Topology Management

STP

Spanning Tree Protocol

SYSEVENT

System Event

SYSLOG

System Log

TACACS

Terminal Access Controller Access Control System

TELNETD

Telnet Daemon

TRILL

Transparent Interconnect of Lots of Links

VCF

Vertical Converged Framework

VLAN

Virtual Local Area Network

VRRP

Virtual Router Redundancy Protocol

VSRP

Virtual Service Redundancy Protocol

VXLAN

Virtual eXtensible LAN

WEB

Web

WIPS

Wireless Intrusion Prevention System

 

Using this document

This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.

This document explains messages in tables. Table 5 describes information provided in these tables.

Table 5 Message explanation table contents

Item

Content

Example

Message text

Presents the message description.

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

Briefly describes the variable fields in the order that they appear in the message text.

The variable fields are numbered in the "$Number" form to help you identify their location in the message text.

$1: ACL number.

$2: ID and content of an ACL rule.

$3: Number of packets that matched the rule.

Severity level

Provides the severity level of the message.

6

Example

Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings.

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

Explains the message, including the event or error cause.

Number of packets that matched an ACL rule. This message is sent when the packet counter changes.

Recommended action

Provides recommended actions. For informational messages, no action is required.

No action is required.


AAA messages

This section contains AAA messages.

AAA_FAILURE

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

5

Example

AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.

Explanation

An AAA request was rejected.

The following are the common reasons:

·     No response was received from the server.

·     The username or password was incorrect.

·     The service type that the user applied for was incorrect.

Recommended action

1.     Verify that the device is correctly connected to the server.

2.     Enter the correct username and password.

3.     Verify that the server settings are the same as the settings on the device.

4.     If the problem persists, contact H3C Support.

 

AAA_LAUNCH

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

6

Example

AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.

Explanation

An AAA request was received.

Recommended action

No action is required.

 

AAA_SUCCESS

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

6

Example

AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.

Explanation

An AAA request was accepted.

Recommended action

No action is required.

 

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text

Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.

Explanation

Hardware resources were insufficient for accelerating an ACL.

Recommended action

Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

 

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text

Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.

Explanation

ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_NOT_SUPPORT

Message text

Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.

Explanation

ACL acceleration failed because the system does not support ACL acceleration.

Recommended action

No action is required.

 

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text

Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.

Explanation

ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text

Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.

Explanation

ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_UNK_ERR

Message text

Failed to accelerate [STRING] ACL [UINT32].

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.

Explanation

ACL acceleration failed because of an unknown error.

Recommended action

No action is required.

 

ACL_IPV6_STATIS_INFO

Message text

IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv6 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL6/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).

Explanation

The number of packets matching the IPv6 ACL rule changed.

Recommended action

No action is required.

 

ACL_NO_MEM

Message text

Failed to configure [STRING] ACL [UINT] due to lack of memory.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

3

Example

ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.

Explanation

Configuring the ACL failed because memory is insufficient.

Recommended action

Use the display memory-threshold command to check the memory usage.

 

ACL_STATIS_INFO

Message text

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv4 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

The number of packets matching the IPv4 ACL rule changed.

Recommended action

No action is required.

 

 

ANCP messages

This section contains ANCP messages.

ANCP_INVALID_PACKET

Message text

-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING]; The [STRING] value [STRING] is wrong, and the value [STRING] is expected.

Variable fields

$1: ANCP neighbor name.

$2: Neighbor state.

$3: Message type.

$4: Field.

$5: Wrong value of the field.

$6: Expected value of the field.

Severity level

6

Example

ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK; The Sender Instance value 0 is wrong, and the value 1 is expected.

Explanation

The system received an adjacency message that had a field with a wrong value.

Recommended action

No action is required.

 

 

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text

No ARP reply from IP [STRING] was received on interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.

Explanation

The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message.

This message indicates the risk of attacks.

Recommended action

5.     Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first.

6.     If the ARP entries are correct and the attack continues, contact H3C Support.

 

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text

Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.

Variable fields

$1: Interface name.

$2: IP address.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.

Explanation

The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP.

This message indicates the risk of attacks.

Recommended action

No action is required. The device discards the ARP reply automatically.

 

ARP_BINDRULETOHW_FAILED

Message text

Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].

Variable fields

$1: Interface name.

$2: Source IP address.

$3: Source MAC address.

$4: VLAN ID.

$5: Gateway MAC address.

Severity level

5

Example

ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface GigabitEthernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.

Explanation

The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations:

·     The resources are not sufficient for the operation.

·     The memory is not sufficient for the operation.

·     A hardware error occurs.

Recommended action

To resolve the problem:

1.     Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient.

¡     If yes, proceed to step 2.

¡     If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2.

2.     Execute the display memory command to check if the memory for the operation is sufficient.

¡     If yes, proceed to step 3.

¡     If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3.

3.     Delete the configuration and perform the operation again.

 

ARP_DETECTION_LOG

Message text

Detected an ARP attack on interface [STRING]: IP [STRING], MAC [STRING], VLAN [STRING]. [UINT32] packet(s) dropped.

Variable fields

$1: Interface name.

$2: IP address.

$3: MAC address.

$4: VLAN ID.

$5: Number of dropped packets.

Severity level

5

Example

ARP/5/ARP_INSPECTION: -MDC=1; Detected an ARP attack on interface GigabitEthernet1/0/1: IP 1.1.1.1, MAC 1-1-1, VLAN 100. 2 packet(s) dropped.

Explanation

An ARP attack was detected on an interface and attack packets were dropped.

Recommended action

Check the source of the ARP attack.

 

ARP_DUPLICATE_IPADDR_DETECT

Message text

Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR].

Variable fields

$1: MAC address.

$2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.)

$3: VSI name.

$4: MAC address.

$5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.)

$6: VSI name.

$7: Conflicting IP address.

Severity level

4

Example

ARP/4/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface GigabitEthernet1/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1.

Explanation

This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different.

Recommended action

Change the IP address on either of the two devices.

 

ARP_DYNAMIC

Message text

The maximum number of dynamic ARP entries for the device reached.

Variable fields

N/A

Severity level

6

Example

ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached.

Explanation

The maximum number of dynamic ARP entries for the device was reached.

Recommended action

No action is required.

 

ARP_DYNAMIC_IF

Message text

The maximum number of dynamic ARP entries for interface [STRING] reached.

Variable fields

$1: Interface name.

Severity level

6

Example

ARP/6/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached.

Explanation

The maximum number of dynamic ARP entries for the specified interface was reached.

Recommended action

No action is required.

 

ARP_DYNAMIC_SLOT

Message text

Pattern 1:

The maximum number of dynamic ARP entries for slot [INT32] reached.

Pattern 2:

The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached.

Variable fields

Pattern 1:

$1: Slot number.

Pattern 2:

$1: Chassis number.

$2: Slot number.

Severity level

6

Example

ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached.

Explanation

Pattern 1:

The maximum number of dynamic ARP entries for the slot was reached.

Pattern 2:

The maximum number of dynamic ARP entries for the slot on the chassis was reached.

Recommended action

No action is required.

 

ARP_ENTRY_CONFLICT

Message text

The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING].

Variable fields

$1: IP address.

$2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network.

$3: Inconsistent items:

¡     MAC address.

¡     output interface.

¡     output port.

¡     outermost layer VLAN ID.

¡     second outermost layer VLAN ID.

¡     VSI index.

¡     link ID.

Severity level

6

Example

ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.

ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public  network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.

Explanation

The software entry for the specified IP address is not the same as the hardware entry. For example, they do not have the same output interface.

Recommended action

No action is required. ARP automatically refreshes the hardware entries.

 

ARP_HOST_IP_CONFLICT

Message text

The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: Interface name.

Severity level

4

Example

ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.

Explanation

The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.

Recommended action

Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

 

ARP_LOCALPROXY_ENABLE_FAILED

Message text

Failed to enable local proxy ARP on interface [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

ARP/4/ARP_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local proxy ARP on interface VSI-interface 1.

Explanation

This message is sent when the device fails to enable local proxy ARP on an interface in a slot. If the interface resides on the MPU, the slot number is 0.

Recommended action

1.     Verify that the card supports local proxy ARP.

2.     Verify that sufficient hardware resources are available.

 

ARP_RATE_EXCEEDED

Message text

The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.

Variable fields

$1: ARP packet rate.

$2: ARP limit rate.

$3: Interface name.

$4: Interval time.

Severity level

4

Example

ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.

Explanation

An interface received ARP messages at a higher rate than the rate limit.

Recommended action

Verify that the hosts at the sender IP addresses are legitimate.

 

ARP_RATELIMIT_NOTSUPPORT

Message text

Pattern 1:

ARP packet rate limit is not support on slot [INT32].

Pattern 2:

ARP packet rate limit is not support on chassis [INT32] slot [INT32].

Variable fields

Pattern 1:

$1: Slot number.

Pattern 2:

$1: Chassis number.

$2: Slot number.

Severity level

6

Example

ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2.

Explanation

Pattern 1:

ARP packet rate limit is not supported on the slot.

Pattern 2:

ARP packet rate limit is not supported on the slot of the chassis was reached.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_SENDER_IP_INVALID

Message text

Sender IP [STRING] was not on the same network as the receiving interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.

Explanation

The sender IP of a received ARP message was not on the same network as the receiving interface.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_SENDER_MAC_INVALID

Message text

Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].

Variable fields

$1: MAC address.

$2: MAC address.

$3: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.

Explanation

An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.

Recommended action

Verify that the host at the sender MAC address is legitimate.

 

ARP_SENDER_SMACCONFLICT

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

Severity level

6

Example

ARP/6/ ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1,

Explanation

The sender MAC address of a received ARP packet conflicts with the MAC address of the device.

Recommended action

No action is required.

 

ARP_SENDER_SMACCONFLICT_VSI

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

$4: VSI index.

$5: Link ID.

Severity level

6

Example

ARP/6/ ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0

Explanation

The sender MAC address of a received ARP packet conflicts with the MAC address of the device. The receiving interface is a VSI interface.

Recommended action

No action is required.

 

ARP_SRC_MAC_FOUND_ATTACK

Message text

An attack from MAC [STRING] was detected on interface [STRING].

Variable fields

$1: MAC address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.

Explanation

The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold.

This message indicates the risk of attacks.

Recommended action

Verify that the host at the source MAC address is legitimate.

 

ARP_SUP_ENABLE_FAILED

Message text

Failed to enable ARP flood suppression on VSI [STRING].

Variable fields

$1: VSI name.

Severity level

4

Example

ARP/4/ARP_SUP_ENABLE_FAILED: -MDC=1; Failed to enable ARP flood suppression on VSI vpna.

Explanation

This message is sent when the system failed to enable ARP flood suppression for a VSI. The minimum interval between two log messages is 2 seconds. To make the system send the message successfully, wait for a minimum of 2 seconds before you enable ARP flood suppression for another VSI.

Recommended action

1.     Verify that the device supports ARP flood suppression.

2.     Verify that the hardware resources are sufficient.

 

ARP_TARGET_IP_INVALID

Message text

Target IP [STRING] was not the IP of the receiving interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1.

Explanation

The target IP address of a received ARP message was not the IP address of the receiving interface.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_THRESHOLD_REACHED

Message text

The alarm threshold for dynamic ARP entry learning was reached on interface [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

ARP/4/ARP_THRESHOLD_REACHED: The alarm threshold for dynamic ARP entry learning was reached on interface GigabitEthernet1/0/1.

Explanation

This message is sent when the alarm threshold for dynamic ARP learning was reached on GigabitEthernet 1/0/1.

Recommended action

Verify that the number of learned dynamic ARP entries matches the actual number of devices in the network and no ARP attack sources exist in the network.

 

ARP_USER_DUPLICATE_IPADDR_DETECT

Message text

Detected a user IP address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IP address [IPADDR].

Variable fields

$1: MAC address of a new user.

$2: Outer VLAN to which the new user belongs.

$3: Inner VLAN to which the new user belongs.

$4: Name of the interface connecting to the new user.

$5: MAC address of an old user.

$6: Outer VLAN to which the old user belongs.

$7: Inner VLAN to which the old user belongs.

$8: Name of the interface connecting to the old user.

$9: IP address.

Severity level

6

Example

ARP/6/ARP_USER_DUPLICATE_IPADDR_DETECT: Detected a user IP address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IP address 192.168.1.1.

Explanation

ARP detected a user IP address conflict. The IP address of a new user is the same as the IP address of an old user.

Recommended action

Verify that all users have different IP addresses.

 

ARP_USER_MOVE_DETECT

Message text

Detected a user (IP address [IPADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING].

Variable fields

$1: IP address of the user.

$2: MAC address of the user.

$3: Interface name before the migration.

$4: Outer VLAN to which the user belongs before the migration.

$5: Inner VLAN to which the user belongs before the migration.

$6: Interface name after the migration.

$7: Outer VLAN to which the user belongs after the migration.

$8: Inner VLAN to which the user belongs after the migration.

Severity level

6

Example

ARP/6/ARP_USER_MOVE_DETECT: Detected a user (IP address 192.168.1.1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.

Explanation

ARP detected a user accesses the network through another port.

Recommended action

Use the display arp user-move record command to verify that the migration is legitimate.

 

DUPIFIP

Message text

Duplicate address [STRING] on interface [STRING], sourced from [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC Address.

Severity level

6

Example

ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.

Explanation

ARP detected a duplicate address.

The sender IP in the received ARP packet was being used by the receiving interface.

Recommended action

Modify the IP address configuration.

 

DUPIP

Message text

IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].

Variable fields

$1: IP address.

$2: MAC Address.

Severity level

6

Example

ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.

Explanation

The sender IP address of the received ARP packet conflicted with the global or imported IP address.

Recommended action

Modify the IP address configuration.

 

DUPVRRPIP

Message text

IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC address.

Severity level

6

Example

ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.

Explanation

The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.

Recommended action

Modify the IP address configuration.

 

 

ATK messages

This section contains attack detection and prevention messages.

ATK_ICMP_ADDRMASK_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_RAW: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Destination port number.

$4: Name of the receiving VPN instance.

$5: Rate limit.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATK_ICMP_FLOOD_SZ

Message text

SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Source security zone name.

$2: Destination IP address.

$3: Destination port number.

$4: Name of the receiving VPN instance.

$5: Rate limit.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_RAW: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_RAW: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_LARGE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_LARGE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_RAW: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_RAW: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_RAW_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_SMURF

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

Recommended action

No action is required.

 

ATK_ICMP_SMURF_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time a request is received.

Recommended action

No action is required.

 

ATK_ICMP_SMURF_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time a request is received.

Recommended action

No action is required.

 

ATK_ICMP_SMURF_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

Recommended action

No action is required.

 

ATK_ICMP_SOURCEQUENCH

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_SOURCEQUENCH: IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP source quench logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_SOURCEQUENCH_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].