H3C S6890 Switch Series System Log Messages Reference(R36xx)-6W100

HomeSupportResource CenterSwitchesH3C S6890 Switch SeriesH3C S6890 Switch SeriesTechnical DocumentsMaintainMessage ReferencesH3C S6890 Switch Series System Log Messages Reference(R36xx)-6W100

 

H3C S6890 Switch Series

System Log Messages Reference

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Document version: 6W100-20201009

 

Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.


Contents

Introduction· 1

System log message format 1

Managing and obtaining system log messages· 3

Obtaining log messages from the console terminal 3

Obtaining log messages from a monitor terminal 3

Obtaining log messages from the log buffer 4

Obtaining log messages from the log file· 4

Obtaining log messages from a log host 4

Software module list 4

Using this document 8

AAA messages· 9

AAA_FAILURE· 10

AAA_LAUNCH· 10

AAA_SUCCESS· 11

ACL messages· 11

ACL_ACCELERATE_NO_RES· 11

ACL_ACCELERATE_NONCONTIGUOUSMASK· 12

ACL_ACCELERATE_NOT_SUPPORT· 12

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP· 12

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG·· 13

ACL_ACCELERATE_UNK_ERR· 13

ACL_IPV6_STATIS_INFO·· 13

ACL_NO_MEM·· 14

ACL_STATIS_INFO·· 14

AFT messages· 14

AFT_ADDRESS_CONFLICT· 15

AFT_LOG_FLOW·· 15

AFT_V6TOV4_FLOW·· 16

AFT_V4TOV6_FLOW·· 18

ANCP messages· 19

ANCP_INVALID_PACKET· 19

ARP messages· 19

ARP_ACTIVE_ACK_NO_REPLY· 20

ARP_ACTIVE_ACK_NOREQUESTED_REPLY· 20

ARP_BINDRULETOHW_FAILED·· 21

ARP_DUPLICATE_IPADDR_DETECT· 22

ARP_DYNAMIC· 22

ARP_DYNAMIC_IF· 23

ARP_DYNAMIC_SLOT· 23

ARP_ENTRY_CONFLICT· 24

ARP_HOST_IP_CONFLICT· 24

ARP_RATE_EXCEEDED·· 25

ARP_RATELIMIT_NOTSUPPORT· 25

ARP_SENDER_IP_INVALID·· 26

ARP_SENDER_MAC_INVALID·· 26

ARP_SRC_MAC_FOUND_ATTACK· 27

ARP_TARGET_IP_INVALID·· 27

DUPIFIP· 27

DUPIP· 28

DUPVRRPIP· 28

L3_COMMON· 29

ATK messages· 29

ATK_ICMP_ADDRMASK_REQ·· 30

ATK_ICMP_ADDRMASK_REQ_RAW·· 31

ATK_ICMP_ADDRMASK_REQ_RAW_SZ· 32

ATK_ICMP_ADDRMASK_REQ_SZ· 33

ATK_ICMP_ADDRMASK_RPL· 34

ATK_ICMP_ADDRMASK_RPL_RAW·· 35

ATK_ICMP_ADDRMASK_RPL_RAW_SZ· 36

ATK_ICMP_ADDRMASK_RPL_SZ· 37

ATK_ICMP_ECHO_REQ·· 38

ATK_ICMP_ECHO_REQ_RAW·· 39

ATK_ICMP_ECHO_REQ_RAW_SZ· 40

ATK_ICMP_ECHO_REQ_SZ· 41

ATK_ICMP_ECHO_RPL· 42

ATK_ICMP_ECHO_RPL_RAW·· 43

ATK_ICMP_ECHO_RPL_RAW_SZ· 44

ATK_ICMP_ECHO_RPL_SZ· 45

ATK_ICMP_FLOOD·· 46

ATK_ICMP_FLOOD_SZ· 46

ATK_ICMP_INFO_REQ·· 47

ATK_ICMP_INFO_REQ_RAW·· 48

ATK_ICMP_INFO_REQ_RAW_SZ· 49

ATK_ICMP_INFO_REQ_SZ· 50

ATK_ICMP_INFO_RPL· 51

ATK_ICMP_INFO_RPL_RAW·· 52

ATK_ICMP_INFO_RPL_RAW_SZ· 53

ATK_ICMP_INFO_RPL_SZ· 54

ATK_ICMP_LARGE· 55

ATK_ICMP_LARGE_RAW·· 56

ATK_ICMP_LARGE_RAW_SZ· 56

ATK_ICMP_LARGE_SZ· 57

ATK_ICMP_PARAPROBLEM·· 58

ATK_ICMP_PARAPROBLEM_RAW·· 59

ATK_ICMP_PARAPROBLEM_RAW_SZ· 60

ATK_ICMP_PARAPROBLEM_SZ· 61

ATK_ICMP_PINGOFDEATH· 62

ATK_ICMP_PINGOFDEATH_RAW·· 63

ATK_ICMP_PINGOFDEATH_RAW_SZ· 63

ATK_ICMP_PINGOFDEATH_SZ· 64

ATK_ICMP_REDIRECT· 65

ATK_ICMP_REDIRECT_RAW·· 66

ATK_ICMP_REDIRECT_RAW_SZ· 67

ATK_ICMP_REDIRECT_SZ· 68

ATK_ICMP_SMURF· 69

ATK_ICMP_SMURF_RAW·· 70

ATK_ICMP_SMURF_RAW_SZ· 71

ATK_ICMP_SMURF_SZ· 72

ATK_ICMP_SOURCEQUENCH· 73

ATK_ICMP_SOURCEQUENCH_RAW·· 74

ATK_ICMP_SOURCEQUENCH_RAW_SZ· 75

ATK_ICMP_SOURCEQUENCH_SZ· 76

ATK_ICMP_TIMEEXCEED·· 77

ATK_ICMP_TIMEEXCEED_RAW·· 78

ATK_ICMP_TIMEEXCEED_RAW_SZ· 79

ATK_ICMP_TIMEEXCEED_SZ· 80

ATK_ICMP_TRACEROUTE· 81

ATK_ICMP_TRACEROUTE_RAW·· 82

ATK_ICMP_TRACEROUTE_RAW_SZ· 82

ATK_ICMP_TRACEROUTE_SZ· 83

ATK_ICMP_TSTAMP_REQ·· 84

ATK_ICMP_TSTAMP_REQ_RAW·· 85

ATK_ICMP_TSTAMP_REQ_RAW_SZ· 86

ATK_ICMP_TSTAMP_REQ_SZ· 87

ATK_ICMP_TSTAMP_RPL· 88

ATK_ICMP_TSTAMP_RPL_RAW·· 89

ATK_ICMP_TSTAMP_RPL_RAW_SZ· 90

ATK_ICMP_TSTAMP_RPL_SZ· 91

ATK_ICMP_TYPE· 92

ATK_ICMP_TYPE_RAW·· 93

ATK_ICMP_TYPE_RAW_SZ· 94

ATK_ICMP_TYPE_SZ· 95

ATK_ICMP_UNREACHABLE· 96

ATK_ICMP_UNREACHABLE_RAW·· 97

ATK_ICMP_UNREACHABLE_RAW_SZ· 98

ATK_ICMP_UNREACHABLE_SZ· 99

ATK_ICMPV6_DEST_UNREACH· 100

ATK_ICMPV6_DEST_UNREACH_RAW·· 101

ATK_ICMPV6_DEST_UNREACH_RAW_SZ· 101

ATK_ICMPV6_DEST_UNREACH_SZ· 102

ATK_ICMPV6_ECHO_REQ·· 103

ATK_ICMPV6_ECHO_REQ_RAW·· 104

ATK_ICMPV6_ECHO_REQ_RAW_SZ· 104

ATK_ICMPV6_ECHO_REQ_SZ· 105

ATK_ICMPV6_ECHO_RPL· 106

ATK_ICMPV6_ECHO_RPL_RAW·· 107

ATK_ICMPV6_ECHO_RPL_RAW_SZ· 107

ATK_ICMPV6_ECHO_RPL_SZ· 108

ATK_ICMPV6_FLOOD·· 109

ATK_ICMPV6_FLOOD_SZ· 109

ATK_ICMPV6_GROUPQUERY· 110

ATK_ICMPV6_GROUPQUERY_RAW·· 111

ATK_ICMPV6_GROUPQUERY_RAW_SZ· 111

ATK_ICMPV6_GROUPQUERY_SZ· 112

ATK_ICMPV6_GROUPREDUCTION· 113

ATK_ICMPV6_GROUPREDUCTION_RAW·· 114

ATK_ICMPV6_GROUPREDUCTION_RAW_SZ· 114

ATK_ICMPV6_GROUPREDUCTION_SZ· 115

ATK_ICMPV6_GROUPREPORT· 116

ATK_ICMPV6_GROUPREPORT_RAW·· 117

ATK_ICMPV6_GROUPREPORT_RAW_SZ· 117

ATK_ICMPV6_GROUPREPORT_SZ· 118

ATK_ICMPV6_LARGE· 119

ATK_ICMPV6_LARGE_RAW·· 119

ATK_ICMPV6_LARGE_RAW_SZ· 120

ATK_ICMPV6_LARGE_SZ· 120

ATK_ICMPV6_PACKETTOOBIG·· 121

ATK_ICMPV6_PACKETTOOBIG_RAW·· 122

ATK_ICMPV6_PACKETTOOBIG_RAW_SZ· 122

ATK_ICMPV6_PACKETTOOBIG_SZ· 123

ATK_ICMPV6_PARAPROBLEM·· 124

ATK_ICMPV6_PARAPROBLEM_RAW·· 125

ATK_ICMPV6_PARAPROBLEM_RAW_SZ· 125

ATK_ICMPV6_PARAPROBLEM_SZ· 126

ATK_ICMPV6_TIMEEXCEED·· 127

ATK_ICMPV6_TIMEEXCEED_RAW·· 128

ATK_ICMPV6_TIMEEXCEED_RAW_SZ· 128

ATK_ICMPV6_TIMEEXCEED_SZ· 129

ATK_ICMPV6_TRACEROUTE· 130

ATK_ICMPV6_TRACEROUTE_RAW·· 131

ATK_ICMPV6_TRACEROUTE_RAW_SZ· 132

ATK_ICMPV6_TRACEROUTE_SZ· 133

ATK_ICMPV6_TYPE· 134

ATK_ICMPV6_TYPE _RAW_SZ· 135

ATK_ICMPV6_TYPE_RAW·· 135

ATK_ICMPV6_TYPE_SZ· 136

ATK_IP_OPTION· 137

ATK_IP_OPTION_RAW·· 138

ATK_IP_OPTION_RAW_SZ· 139

ATK_IP_OPTION_SZ· 140

ATK_IP4_ACK_FLOOD·· 141

ATK_IP4_ACK_FLOOD_SZ· 141

ATK_IP4_DIS_PORTSCAN· 142

ATK_IP4_DIS_PORTSCAN_SZ· 142

ATK_IP4_DNS_FLOOD·· 143

ATK_IP4_DNS_FLOOD_SZ· 143

ATK_IP4_FIN_FLOOD·· 144

ATK_IP4_FIN_FLOOD_SZ· 144

ATK_IP4_FRAGMENT· 145

ATK_IP4_FRAGMENT_RAW·· 146

ATK_IP4_FRAGMENT_RAW_SZ· 147

ATK_IP4_FRAGMENT_SZ· 148

ATK_IP4_HTTP_FLOOD·· 149

ATK_IP4_HTTP_FLOOD_SZ· 149

ATK_IP4_IMPOSSIBLE· 150

ATK_IP4_IMPOSSIBLE_RAW·· 151

ATK_IP4_IMPOSSIBLE_RAW_SZ· 152

ATK_IP4_IMPOSSIBLE_SZ· 153

ATK_IP4_IPSWEEP· 154

ATK_IP4_IPSWEEP_SZ· 154

ATK_IP4_PORTSCAN· 155

ATK_IP4_PORTSCAN_SZ· 155

ATK_IP4_RST_FLOOD·· 156

ATK_IP4_RST_FLOOD_SZ· 156

ATK_IP4_SYN_FLOOD·· 157

ATK_IP4_SYN_FLOOD_SZ· 157

ATK_IP4_SYNACK_FLOOD·· 158

ATK_IP4_SYNACK_FLOOD_SZ· 158

ATK_IP4_TCP_ALLFLAGS· 159

ATK_IP4_TCP_ALLFLAGS_RAW·· 160

ATK_IP4_TCP_ALLFLAGS_RAW_SZ· 160

ATK_IP4_TCP_ALLFLAGS_SZ· 161

ATK_IP4_TCP_FINONLY· 162

ATK_IP4_TCP_FINONLY_RAW·· 163

ATK_IP4_TCP_FINONLY_RAW_SZ· 163

ATK_IP4_TCP_FINONLY_SZ· 164

ATK_IP4_TCP_INVALIDFLAGS· 165

ATK_IP4_TCP_INVALIDFLAGS_RAW·· 166

ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ· 167

ATK_IP4_TCP_INVALIDFLAGS_SZ· 168

ATK_IP4_TCP_LAND·· 169

ATK_IP4_TCP_LAND_RAW·· 170

ATK_IP4_TCP_LAND_RAW_SZ· 170

ATK_IP4_TCP_LAND_SZ· 171

ATK_IP4_TCP_NULLFLAG·· 172

ATK_IP4_TCP_NULLFLAG_RAW·· 173

ATK_IP4_TCP_NULLFLAG_RAW_SZ· 173

ATK_IP4_TCP_NULLFLAG_SZ· 174

ATK_IP4_TCP_SYNFIN· 175

ATK_IP4_TCP_SYNFIN_RAW·· 176

ATK_IP4_TCP_SYNFIN_RAW_SZ· 176

ATK_IP4_TCP_SYNFIN_SZ· 177

ATK_IP4_TCP_WINNUKE· 178

ATK_IP4_TCP_WINNUKE_RAW·· 179

ATK_IP4_TCP_WINNUKE_RAW_SZ· 179

ATK_IP4_TCP_WINNUKE_SZ· 180

ATK_IP4_TEARDROP· 181

ATK_IP4_TEARDROP_RAW·· 182

ATK_IP4_TEARDROP_RAW_SZ· 183

ATK_IP4_TEARDROP_SZ· 184

ATK_IP4_TINY_FRAGMENT· 185

ATK_IP4_TINY_FRAGMENT_RAW·· 186

ATK_IP4_TINY_FRAGMENT_RAW_SZ· 187

ATK_IP4_TINY_FRAGMENT_SZ· 188

ATK_IP4_UDP_BOMB· 189

ATK_IP4_UDP_BOMB_RAW·· 190

ATK_IP4_UDP_BOMB_RAW_SZ· 191

ATK_IP4_UDP_BOMB_SZ· 192

ATK_IP4_UDP_FLOOD·· 193

ATK_IP4_UDP_FLOOD_SZ· 193

ATK_IP4_UDP_FRAGGLE· 194

ATK_IP4_UDP_FRAGGLE_RAW·· 195

ATK_IP4_UDP_FRAGGLE_RAW_SZ· 195

ATK_IP4_UDP_FRAGGLE_SZ· 196

ATK_IP4_UDP_SNORK· 197

ATK_IP4_UDP_SNORK_RAW·· 198

ATK_IP4_UDP_SNORK_RAW_SZ· 198

ATK_IP4_UDP_SNORK_SZ· 199

ATK_IP6_ACK_FLOOD·· 200

ATK_IP6_ACK_FLOOD_SZ· 200

ATK_IP6_DIS_PORTSCAN· 201

ATK_IP6_DIS_PORTSCAN_SZ· 201

ATK_IP6_DNS_FLOOD·· 202

ATK_IP6_DNS_FLOOD_SZ· 202

ATK_IP6_FIN_FLOOD·· 203

ATK_IP6_FIN_FLOOD_SZ· 203

ATK_IP6_FRAGMENT· 204

ATK_IP6_FRAGMENT_RAW·· 205

ATK_IP6_FRAGMENT_RAW_SZ· 205

ATK_IP6_FRAGMENT_SZ· 206

ATK_IP6_HTTP_FLOOD·· 207

ATK_IP6_HTTP_FLOOD_SZ· 207

ATK_IP6_IMPOSSIBLE· 208

ATK_IP6_IMPOSSIBLE_RAW·· 209

ATK_IP6_IMPOSSIBLE_RAW_SZ· 209

ATK_IP6_IMPOSSIBLE_SZ· 210

ATK_IP6_IPSWEEP· 210

ATK_IP6_IPSWEEP_SZ· 211

ATK_IP6_PORTSCAN· 211

ATK_IP6_PORTSCAN_SZ· 212

ATK_IP6_RST_FLOOD·· 212

ATK_IP6_RST_FLOOD_SZ· 213

ATK_IP6_SYN_FLOOD·· 213

ATK_IP6_SYN_FLOOD_SZ· 214

ATK_IP6_SYNACK_FLOOD·· 214

ATK_IP6_SYNACK_FLOOD_SZ· 215

ATK_IP6_TCP_ALLFLAGS· 215

ATK_IP6_TCP_ALLFLAGS_RAW·· 216

ATK_IP6_TCP_ALLFLAGS_RAW_SZ· 216

ATK_IP6_TCP_ALLFLAGS_SZ· 217

ATK_IP6_TCP_FINONLY· 218

ATK_IP6_TCP_FINONLY_RAW·· 218

ATK_IP6_TCP_FINONLY_RAW_SZ· 219

ATK_IP6_TCP_FINONLY_SZ· 219

ATK_IP6_TCP_INVALIDFLAGS· 220

ATK_IP6_TCP_INVALIDFLAGS_RAW·· 221

ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ· 222

ATK_IP6_TCP_INVALIDFLAGS_SZ· 223

ATK_IP6_TCP_LAND·· 224

ATK_IP6_TCP_LAND_RAW·· 224

ATK_IP6_TCP_LAND_RAW_SZ· 225

ATK_IP6_TCP_LAND_SZ· 225

ATK_IP6_TCP_NULLFLAG·· 226

ATK_IP6_TCP_NULLFLAG_RAW·· 226

ATK_IP6_TCP_NULLFLAG_RAW_SZ· 227

ATK_IP6_TCP_NULLFLAG_SZ· 227

ATK_IP6_TCP_SYNFIN· 228

ATK_IP6_TCP_SYNFIN_RAW·· 228

ATK_IP6_TCP_SYNFIN_RAW_SZ· 229

ATK_IP6_TCP_SYNFIN_SZ· 229

ATK_IP6_TCP_WINNUKE· 230

ATK_IP6_TCP_WINNUKE_RAW·· 230

ATK_IP6_TCP_WINNUKE_RAW_SZ· 231

ATK_IP6_TCP_WINNUKE_SZ· 231

ATK_IP6_UDP_FLOOD·· 232

ATK_IP6_UDP_FLOOD_SZ· 232

ATK_IP6_UDP_FRAGGLE· 233

ATK_IP6_UDP_FRAGGLE_RAW·· 233

ATK_IP6_UDP_FRAGGLE_RAW_SZ· 234

ATK_IP6_UDP_FRAGGLE_SZ· 234

ATK_IP6_UDP_SNORK· 235

ATK_IP6_UDP_SNORK_RAW·· 235

ATK_IP6_UDP_SNORK_RAW_SZ· 236

ATK_IP6_UDP_SNORK_SZ· 236

ATK_IPOPT_ABNORMAL· 237

ATK_IPOPT_ABNORMAL_RAW·· 238

ATK_IPOPT_ABNORMAL_RAW_SZ· 239

ATK_IPOPT_ABNORMAL_SZ· 240

ATK_IPOPT_LOOSESRCROUTE· 241

ATK_IPOPT_LOOSESRCROUTE_RAW·· 242

ATK_IPOPT_LOOSESRCROUTE_RAW_SZ· 243

ATK_IPOPT_LOOSESRCROUTE_SZ· 244

ATK_IPOPT_RECORDROUTE· 245

ATK_IPOPT_RECORDROUTE_RAW·· 246

ATK_IPOPT_RECORDROUTE_RAW_SZ· 247

ATK_IPOPT_RECORDROUTE_SZ· 248

ATK_IPOPT_ROUTEALERT· 249

ATK_IPOPT_ROUTEALERT_RAW·· 250

ATK_IPOPT_ROUTEALERT_RAW_SZ· 251

ATK_IPOPT_ROUTEALERT_SZ· 252

ATK_IPOPT_SECURITY· 253

ATK_IPOPT_SECURITY_RAW·· 254

ATK_IPOPT_SECURITY_RAW_SZ· 255

ATK_IPOPT_SECURITY_SZ· 256

ATK_IPOPT_STREAMID·· 257

ATK_IPOPT_STREAMID_RAW·· 258

ATK_IPOPT_STREAMID_RAW_SZ· 259

ATK_IPOPT_STREAMID_SZ· 260

ATK_IPOPT_STRICTSRCROUTE· 261

ATK_IPOPT_STRICTSRCROUTE_RAW·· 262

ATK_IPOPT_STRICTSRCROUTE_RAW_SZ· 263

ATK_IPOPT_STRICTSRCROUTE_SZ· 264

ATK_IPOPT_TIMESTAMP· 265

ATK_IPOPT_TIMESTAMP_RAW·· 266

ATK_IPOPT_TIMESTAMP_RAW_SZ· 267

ATK_IPOPT_TIMESTAMP_SZ· 268

ATK_IPV6_EXT_HEADER· 269

ATK_IPV6_EXT_HEADER_ABNORMAL_RAW_SZ· 269

ATK_IPV6_EXT_HEADER_ABNORMAL_SZ· 270

ATK_IPV6_EXT_HEADER_RAW·· 271

ATK_IPV6_EXT_HEADER_RAW_SZ· 271

ATK_IPV6_EXT_HEADER_SZ· 272

BFD messages· 272

BFD_CHANGE_FSM (Severity 4) 273

BFD_CHANGE_FSM (Severity 5) 274

BFD_CHANGE_SESS· 275

BFD_REACHED_UPPER_LIMIT· 275

BGP messages· 275

BGP_EXCEED_ROUTE_LIMIT· 276

BGP_REACHED_THRESHOLD·· 276

BGP_LOG_ROUTE_FLAP· 277

BGP_LABEL_CONFLICT· 277

BGP_LABEL_OUTOFRANGE· 277

BGP_MEM_ALERT· 278

BGP_PEER_LICENSE_REACHED·· 278

BGP_ROUTE_LICENSE_REACHED·· 278

BGP_STATE_CHANGED·· 279

BLS messages· 279

BLS_ENTRY_ADD·· 279

BLS_ENTRY_DEL· 280

BLS_IPV6_ENTRY_ADD·· 280

BLS_IPV6_ENTRY_DEL· 281

CFD messages· 281

CFD_CROSS_CCM·· 281

CFD_ERROR_CCM·· 282

CFD_LOST_CCM·· 282

CFD_NO_HRD_RESOURCE· 283

CFD_REACH_LOWERLIMIT· 283

CFD_REACH_UPPERLIMIT· 284

CFD_RECEIVE_CCM·· 284

CFGMAN messages· 284

CFGMAN_CFGCHANGED·· 285

CFGMAN_OPTCOMPLETION· 286

CLKM messages· 287

CLKM_ESMC_PKT_ALARM·· 287

CONNLMT messages· 287

CONNLMT_IPV4_OVERLOAD·· 288

CONNLMT_IPV4_RECOVER· 289

CONNLMT_IPV6_OVERLOAD·· 290

CONNLMT_IPV6_RECOVER· 291

Data plane backup messages· 291

DP_SWITCH_SUCCESS· 292

DEV messages· 292

BOARD_REBOOT· 292

BOARD_INSERTED·· 292

BOARD_REMOVED·· 293

BOARD_STATE_FAULT· 293

BOARD_STATE_NORMAL· 293

CFCARD_FAILED·· 294

CFCARD_INSERTED·· 294

CFCARD_REMOVED·· 294

CHASSIS_REBOOT· 295

CPU_STATE_NORMAL· 295

DEV_CLOCK_CHANGE· 295

DEV_FAULT_TOOLONG·· 296

DEV_REBOOT_UNSTABLE· 296

DYINGGASP· 296

FAN_ABSENT· 297

FAN_DIRECTION_NOT_PREFERRED·· 297

FAN_FAILED·· 298

FAN_RECOVERED·· 298

MAD_DETECT· 299

POWER_ABSENT· 299

POWER_FAILED·· 300

POWER_MONITOR_ABSENT· 300

POWER_MONITOR_FAILED·· 301

POWER_MONITOR_RECOVERED·· 301

POWER_RECOVERED·· 302

RPS_ABSENT· 302

RPS_NORMAL· 303

SUBCARD_FAULT· 303

SUBCARD_INSERTED·· 304

SUBCARD_REBOOT· 304

SUBCARD_REMOVED·· 304

SYSTEM_REBOOT· 305

TEMPERATURE_ALARM·· 306

TEMPERATURE_LOW·· 307

TEMPERATURE_NORMAL· 308

TEMPERATURE_POWEROFF· 308

TEMPERATURE_SHUTDOWN· 309

TEMPERATURE_WARNING·· 310

VCHK_VERSION_INCOMPATIBLE· 310

DHCP·· 311

DHCP_NOTSUPPORTED·· 311

DHCP_NORESOURCES· 311

DHCPR·· 311

DHCPR_SERVERCHANGE· 312

DHCPR_SWITCHMASTER· 312

DHCPS messages· 312

DHCPS_ALLOCATE_IP· 313

DHCPS_CONFLICT_IP· 313

DHCPS_EXTEND_IP· 314

DHCPS_FILE· 314

DHCPS_RECLAIM_IP· 315

DHCPS_THRESHOLD_EXCEED·· 315

DHCPS_THRESHOLD_RECOVER· 315

DHCPS_VERIFY_CLASS· 316

DHCPS_WARNING_EXHAUSTION· 316

DHCPS6 messages· 316

DHCPS6_ALLOCATE_ADDRESS· 317

DHCPS6_ALLOCATE_PREFIX· 317

DHCPS6_CONFLICT_ADDRESS· 318

DHCPS6_EXTEND_ADDRESS· 318

DHCPS6_EXTEND_PREFIX· 319

DHCPS6_FILE· 319

DHCPS6_RECLAIM_ADDRESS· 320

DHCPS6_RECLAIM_PREFIX· 320

DHCPSP4· 320

DHCPSP4_FILE· 321

DHCPSP6· 321

DHCPSP6_FILE· 321

DIAG messages· 321

CPU_MINOR_RECOVERY· 322

CPU_MINOR_THRESHOLD·· 322

CPU_SEVERE_RECOVERY· 322

CPU_SEVERE_THRESHOLD·· 323

CORE_EXCEED_THRESHOLD·· 323

CORE_MINOR_RECOVERY· 323

CORE_MINOR_THRESHOLD·· 324

CORE_RECOVERY· 324

DIAG_STORAGE_BELOW_THRESHOLD·· 324

DIAG_STORAGE_EXCEED_THRESHOLD·· 325

MEM_ALERT· 326

MEM_BELOW_THRESHOLD·· 327

MEM_EXCEED_THRESHOLD·· 327

DLDP messages· 328

DLDP_AUTHENTICATION_FAILED·· 328

DLDP_LINK_BIDIRECTIONAL· 328

DLDP_LINK_SHUTMODECHG·· 329

DLDP_LINK_UNIDIRECTIONAL· 329

DLDP_NEIGHBOR_AGED·· 329

DLDP_NEIGHBOR_CONFIRMED·· 330

DLDP_NEIGHBOR_DELETED·· 330

DOT1X messages· 330

DOT1X_LOGIN_FAILURE· 331

DOT1X_LOGIN_SUCC· 331

DOT1X_LOGOFF· 332

DOT1X_NOTENOUGH_EADFREEIP_RES· 332

DOT1X_NOTENOUGH_EADFREERULE_RES· 333

DOT1X_NOTENOUGH_EADMACREDIR_RES· 333

DOT1X_NOTENOUGH_EADPORTREDIR_RES· 333

DOT1X_NOTENOUGH_ENABLEDOT1X_RES· 334

DOT1X_SMARTON_FAILURE· 334

DOT1X_UNICAST_NOT_EFFECTIVE· 334

DRVPLAT· 335

DRVPLAT_INSTALL_LICENSE_FAILED·· 335

EDEV messages· 335

EDEV_FAILOVER_GROUP_STATE_CHANGE· 335

EIGRP messages· 336

RID_CHANGE· 336

PEER_CHANGE· 336

ERPS messages· 337

ERPS_STATE_CHANGED·· 337

ETH messages· 337

ETH_VLAN_TERMINATION_FAILED·· 338

ETH_VLAN_TERMINATION_NOT_SUPPORT· 338

ETH_VMAC_INEFFECTIVE· 338

ETHOAM messages· 339

ETHOAM_CONNECTION_FAIL_DOWN· 339

ETHOAM_CONNECTION_FAIL_TIMEOUT· 339

ETHOAM_CONNECTION_FAIL_UNSATISF· 340

ETHOAM_CONNECTION_SUCCEED·· 340

ETHOAM_DISABLE· 340

ETHOAM_DISCOVERY_EXIT· 341

ETHOAM_ENABLE· 341

ETHOAM_ENTER_LOOPBACK_CTRLLED·· 341

ETHOAM_ENTER_LOOPBACK_CTRLLING·· 342

ETHOAM_LOCAL_DYING_GASP· 342

ETHOAM_LOCAL_ERROR_FRAME· 342

ETHOAM_LOCAL_ERROR_FRAME_PERIOD·· 343

ETHOAM_LOCAL_ERROR_FRAME_SECOND·· 343

ETHOAM_LOCAL_LINK_FAULT· 343

ETHOAM_LOOPBACK_EXIT· 344

ETHOAM_LOOPBACK_EXIT_ERROR_STATU· 344

ETHOAM_LOOPBACK_NO_RESOURCE· 344

ETHOAM_LOOPBACK_NOT_SUPPORT· 345

ETHOAM_QUIT_LOOPBACK_CTRLLED·· 345

ETHOAM_QUIT_LOOPBACK_CTRLLING·· 345

ETHOAM_REMOTE_CRITICAL· 346

ETHOAM_REMOTE_DYING_GASP· 346

ETHOAM_REMOTE_ERROR_FRAME· 346

ETHOAM_REMOTE_ERROR_FRAME_PERIOD·· 347

ETHOAM_REMOTE_ERROR_FRAME_SECOND·· 347

ETHOAM_REMOTE_ERROR_SYMBOL· 347

ETHOAM_REMOTE_EXIT· 348

ETHOAM_REMOTE_FAILURE_RECOVER· 348

ETHOAM_REMOTE_LINK_FAULT· 348

ETHOAM_NO_ENOUGH_RESOURCE· 349

ETHOAM_NOT_CONNECTION_TIMEOUT· 349

EVB messages· 349

EVB_AGG_FAILED·· 350

EVB_LICENSE_EXPIRE· 350

EVB_VSI_OFFLINE· 350

EVB_VSI_ONLINE· 351

EVIISIS messages· 351

EVIISIS_LICENSE· 351

EVIISIS_NBR_CHG·· 352

FCLINK messages· 352

FCLINK_FDISC_REJECT_NORESOURCE· 352

FCLINK_FLOGI_REJECT_NORESOURCE· 353

FCOE messages· 353

FCOE_INTERFACE_NOTSUPPORT_FCOE· 353

FCOE_LAGG_BIND_ACTIVE· 354

FCOE_LAGG_BIND_DEACTIVE· 354

FCZONE messages· 354

FCZONE_HARDZONE_DISABLED·· 355

FCZONE_HARDZONE_ENABLED·· 355

FCZONE_ISOLATE_NEIGHBOR· 355

FCZONE_ISOLATE_ALLNEIGHBOR· 356

FCZONE_ISOLATE_CLEAR_VSAN· 356

FCZONE_ISOLATE_CLEAR_ALLVSAN· 357

FCZONE_DISTRIBUTE_FAILED·· 357

FIB messages· 357

FIB_FILE· 358

FILTER messages· 358

FILTER_EXECUTION_ICMP· 358

FILTER_EXECUTION_ICMPV6· 359

FILTER_IPV4_EXECUTION· 360

FILTER_IPV6_EXECUTION· 361

FIPSNG messages· 361

FIPSNG_HARD_RESOURCE_NOENOUGH· 361

FIPSNG_HARD_RESOURCE_RESTORE· 362

FTP messages· 362

FTP_ACL_DENY· 362

FTP_REACH_SESSION_LIMIT· 363

gRPC messages· 363

GRPC_ENABLE_WITHOUT_TLS· 363

GRPC_LOGIN· 364

GRPC_LOGIN_FAILED·· 364

GRPC_LOGOUT· 364

GRPC_SERVER_FAILED·· 365

GRPC_SUBSCRIBE_EVENT_FAILED·· 365

GRPC_RECEIVE_SUBSCRIPTION· 365

HA messages· 365

HA_BATCHBACKUP_FINISHED·· 366

HA_BATCHBACKUP_STARTED·· 366

HA_STANDBY_NOT_READY· 366

HA_STANDBY_TO_MASTER· 367

HQOS messages· 367

HQOS_DP_SET_FAIL· 367

HQOS_FP_SET_FAIL· 368

HQOS_POLICY_APPLY_FAIL· 368

HQOS_POLICY_APPLY_FAIL· 369

HTTPD messages· 369

HTTPD_CONNECT· 369

HTTPD_CONNECT_TIMEOUT· 370

HTTPD_DISCONNECT· 370

HTTPD_FAIL_FOR_ACL· 370

HTTPD_FAIL_FOR_ACP· 371

HTTPD_REACH_CONNECT_LIMIT· 371

IFNET messages· 371

FLEXE_BANDWIDTH_MISMATCH· 372

FLEXE_BANDWIDTH_MISMATCH_RECOVER· 372

FLEXE_BANDWIDTH_REDUCE· 372

FLEXE_BANDWIDTH_REDUCE_RECOVER· 373

FLEXE_CLIENTID_MISMATCH· 373

FLEXE_CLIENTID_MISMATCH_RECOVER· 373

FLEXE_GROUP_FAULT· 374

FLEXE_GROUP_FAULT_RECOVER· 374

FLEXE_GROUPMEMBER_FAULT· 374

FLEXE_GROUPMEMBER_FAULT_RECOVER· 375

FLEXE_PHYFCSSD_ALARM·· 375

FLEXE_PHYFCSSD_ALARM_RECOVER· 375

FLEXE_PHYGROUP_MISMATCH· 376

FLEXE_PHYGROUP_MISMATCH_RECOVER· 376

FLEXE_PHYLOCAL_FAULT· 377

FLEXE_PHYLOCAL_FAULT_RECOVER· 377

FLEXE_PHYNUM_MISMATCH· 377

FLEXE_PHYNUM_MISMATCH_RECOVER· 378

FLEXE_PHYREMOTE_FAULT· 378

FLEXE_PHYREMOTE_FAULT_RECOVER· 378

FLEXE_STSG_MISMATCH· 379

FLEXE_STSG_MISMATCH_RECOVER· 379

IF_JUMBOFRAME_WARN· 380

INTERFACE_NOTSUPPRESSED·· 380

INTERFACE_SUPPRESSED·· 380

LINK_UPDOWN· 381

PHY_UPDOWN· 381

PROTOCOL_UPDOWN· 381

VLAN_MODE_CHANGE· 382

IKE messages· 382

IKE_P1_SA_ESTABLISH_FAIL· 382

IKE_P2_SA_ESTABLISH_FAIL· 383

IKE_P2_SA_TERMINATE· 383

INTRACE messages· 383

WHITELIST· 384

IP6ADDR·· 385

IP6ADDR_CREATEADDRESS_ERROR· 385

IP6ADDR_CREATEADDRESS_INVALID·· 385

IP6FW messages· 385

IP6FW_ABNORMAL_HEADERS· 386

IP6FW_FAILED_TO_SET_MTU· 386

IPADDR messages· 386

IPADDR_HA_EVENT_ERROR· 387

IPADDR_HA_STOP_EVENT· 388

IPFW messages· 388

IP_ADD_FLOW_ANTITCPSYNFLD·· 388

IP_ADD_FLOW_ANTIUDPFLD·· 389

IP_ADD_INTERFACE_ANTITCPSYNFLD·· 389

IP_ADD_INTERFACE_ANTIUDPFLD·· 389

IP_DEL_FLOW_ANTITCPSYNFLD·· 390

IP_DEL_FLOW_ANTIUDPFLD·· 390

IP_DEL_INTERFACE_ANTITCPSYNFLD·· 391

IP_DEL_INTERFACE_ANTIUDPFLD·· 391

IP_INSERT_FAILED_ANTITCPSYNFLD·· 391

IP_INSERT_FAILED_ANTIUDPFLD·· 392

IP_NOTSUPPORT_ANTITCPSYNFLD·· 392

IP_NOTSUPPORT_ANTIUDPFLD·· 392

IP_SETTING_FAILED_ANTITCPSYNFLD·· 393

IP_SETTING_FAILED_ANTIUDPFLD·· 393

IP_CLEARDRVSTAT_ANTITCPSYNFLD·· 393

IP_CLEARDRVSTAT_ANTIUDPFLD·· 394

IPFW_BPA_NORESOURCE· 394

IPFW_FAILED_TO_SET_MTU· 394

IPFW_INFO·· 395

IPoE messages· 395

IPOE_ENABLE_ERROR· 396

IPOE_SESSIONS_LOWER_THRESHOLD·· 396

IPOE_SESSIONS_RECOVER_NORMAL· 397

IPOE_SESSIONS_UPPER_THRESHOLD·· 397

IPSEC messages· 397

IPSEC_FAILED_ADD_FLOW_TABLE· 397

IPSEC_PACKET_DISCARDED·· 398

IPSEC_SA_ESTABLISH· 398

IPSEC_SA_ESTABLISH_FAIL· 399

IPSEC_SA_INITINATION· 399

IPSEC_SA_TERMINATE· 400

IPSG messages· 400

IPSG_ADDENTRY_ERROR· 401

IPSG_DELENTRY_ERROR· 402

IRDP messages· 402

IRDP_EXCEED_ADVADDR_LIMIT· 402

ISIS messages· 402

ISIS_LSP_CONFLICT· 403

ISIS_MEM_ALERT· 403

ISIS_NBR_CHG·· 404

ISSU messages· 404

ISSU_ROLLBACKCHECKNORMAL· 404

ISSU_PROCESSWITCHOVER· 405

KHTTP messages· 405

KHTTP_BIND_PORT_ALLOCETED·· 405

KHTTP_BIND_ADDRESS_INUSED·· 406

L2PT messages· 406

L2PT_SET_MULTIMAC_FAILED·· 406

L2PT_CREATE_TUNNELGROUP_FAILED·· 407

L2PT_ADD_GROUPMEMBER_FAILED·· 407

L2PT_ENABLE_DROP_FAILED·· 407

L2TPv2 messages· 407

L2TPV2_SESSION_EXCEED_LIMIT· 408

L2TPV2_TUNNEL_EXCEED_LIMIT· 408

L2TPV2_SESSIONS_LOWER_THRESHOLD·· 408

L2TPV2_SESSIONS_RECOVER_NORMAL· 409

L2TPV2_SESSIONS_UPPER_THRESHOLD·· 409

L2VPN messages· 409

L2VPN_BGPVC_CONFLICT_LOCAL· 410

L2VPN_BGPVC_CONFLICT_REMOTE· 410

L2VPN_HARD_RESOURCE_NOENOUGH· 410

L2VPN_HARD_RESOURCE_RESTORE· 411

L2VPN_LABEL_DUPLICATE· 411

L2VPN_MACLIMIT_FALL_AC· 412

L2VPN_MACLIMIT_FALL_PW·· 412

L2VPN_MACLIMIT_FALL_VSI 413

L2VPN_MACLIMIT_MAX_AC· 413

L2VPN_MACLIMIT_MAX_PW·· 414

L2VPN_MACLIMIT_MAX_VSI 414

LAGG messages· 414

LAGG_ACTIVE· 415

LAGG_INACTIVE_AICFG·· 415

LAGG_INACTIVE_BFD·· 416

LAGG_INACTIVE_CONFIGURATION· 416

LAGG_INACTIVE_DUPLEX· 417

LAGG_INACTIVE_HARDWAREVALUE· 417

LAGG_INACTIVE_LINKQUALITY_LOW·· 418

LAGG_INACTIVE_IRFSELECTMODE· 418

LAGG_INACTIVE_LOWER_LIMIT· 419

LAGG_INACTIVE_PARTNER· 419

LAGG_INACTIVE_PHYSTATE· 420

LAGG_INACTIVE_RESOURCE_INSUFICIE· 420

LAGG_INACTIVE_SECONDARY· 421

LAGG_INACTIVE_SPEED·· 421

LAGG_INACTIVE_STRUNK_DOWN· 422

LAGG_INACTIVE_UPPER_LIMIT· 422

LB messages· 422

LB_SLB_LICENSE_INSTALLED·· 423

LB_SLB_LICENSE_UNINSTALLED·· 423

LDP messages· 423

LDP_SESSION_CHG·· 424

LDP_SESSION_GR· 425

LDP_SESSION_SP· 426

LDP_ADJACENCY_DOWN· 427

LLDP messages· 428

LLDP_CREATE_NEIGHBOR· 428

LLDP_DELETE_NEIGHBOR· 429

LLDP_LESS_THAN_NEIGHBOR_LIMIT· 429

LLDP_NEIGHBOR_AGE_OUT· 430

LLDP_PVID_INCONSISTENT· 430

LLDP_REACH_NEIGHBOR_LIMIT· 431

LOAD messages· 431

BOARD_LOADING·· 431

LOAD_FAILED·· 432

LOAD_FINISHED·· 432

Local messages· 432

LOCAL_CMDDENY· 433

LOGIN messages· 436

LOGIN_AUTHENTICATION_FAILED·· 436

LOGIN_FAILED·· 437

LOGIN_ INVALID_USERNAME_PWD·· 437

LPDT messages· 437

LPDT_LOOPED·· 437

LPDT_QINQ_LOOPED·· 438

LPDT_QINQ_RECOVERED·· 438

LPDT_RECOVERED·· 438

LPDT_VLAN_LOOPED·· 439

LPDT_VLAN_RECOVERED·· 439

LS messages· 439

LOCALSVR_PROMPTED_CHANGE_PWD·· 440

LS_ADD_USER_TO_GROUP· 440

LS_AUTHEN_FAILURE· 441

LS_AUTHEN_SUCCESS· 441

LS_DEL_USER_FROM_GROUP· 442

LS_DELETE_PASSWORD_FAIL· 442

LS_PWD_ADDBLACKLIST· 442

LS_PWD_CHGPWD_FOR_AGEDOUT· 443

LS_PWD_CHGPWD_FOR_AGEOUT· 443

LS_PWD_CHGPWD_FOR_COMPOSITION· 443

LS_PWD_CHGPWD_FOR_FIRSTLOGIN· 444

LS_PWD_CHGPWD_FOR_LENGTH· 444

LS_PWD_FAILED2WRITEPASS2FILE· 444

LS_PWD_MODIFY_FAIL· 445

LS_PWD_MODIFY_SUCCESS· 445

LS_REAUTHEN_FAILURE· 446

LS_UPDATE_PASSWORD_FAIL· 446

LS_USER_CANCEL· 446

LS_USER_PASSWORD_EXPIRE· 447

LS_USER_ROLE_CHANGE· 447

LSM messages· 447

LSM_SR_LABEL_CONFLICT· 448

LSM_SR_PREFIX_CONFLICT· 448

LSPV messages· 448

LSPV_PING_STATIS_INFO·· 449

MAC messages· 449

MAC_TABLE_FULL_GLOBAL· 449

MAC_TABLE_FULL_PORT· 450

MAC_TABLE_FULL_VLAN· 450

MACA messages· 450

MACA_ENABLE_NOT_EFFECTIVE· 451

MACA_LOGIN_FAILURE· 451

MACA_LOGIN_SUCC· 452

MACA_LOGOFF· 452

MACSEC messages· 452

MACSEC_MKA_KEEPALIVE_TIMEOUT· 453

MACSEC_MKA_PRINCIPAL_ACTOR· 453

MACSEC_MKA_SAK_REFRESH· 453

MACSEC_MKA_SESSION_REAUTH· 454

MACSEC_MKA_SESSION_SECURED·· 454

MACSEC_MKA_SESSION_START· 455

MACSEC_MKA_SESSION_STOP· 455

MACSEC_MKA_SESSION_UNSECURED·· 456

MBFD messages· 456

MBFD_TRACEROUTE_FAILURE· 456

MBUF messages· 457

MBUF_DATA_BLOCK_CREATE_FAIL· 457

MDC messages· 457

MDC_CREATE_ERR· 458

MDC_CREATE· 458

MDC_DELETE· 458

MDC_EVENT_ERROR· 459

MDC_KERNEL_EVENT_TOOLONG·· 459

MDC_LICENSE_EXPIRE· 460

MDC_NO_FORMAL_LICENSE· 460

MDC_NO_LICENSE_EXIT· 460

MDC_OFFLINE· 461

MDC_ONLINE· 461

MDC_STATE_CHANGE· 461

MFIB messages· 462

MFIB_CFG_NOT_SUPPORT· 462

MFIB_MTI_NO_ENOUGH_RESOURCE· 462

MFIB_OIF_NOT_SUPPORT· 463

MGROUP messages· 463

MGROUP_APPLY_SAMPLER_FAIL· 463

MGROUP_RESTORE_CPUCFG_FAIL· 464

MGROUP_RESTORE_IFCFG_FAIL· 464

MGROUP_SYNC_CFG_FAIL· 465

MPLS messages· 465

MPLS_HARD_RESOURCE_NOENOUGH· 465

MPLS_HARD_RESOURCE_RESTORE· 466

MSC messages· 466

MSC_NO_RTP_IN2SECS· 466

MSC_NO_RTP_IN2XNSECS· 466

MSC_NO_RTP_IN120SECS· 467

MTLK messages· 467

MTLK_UPLINK_STATUS_CHANGE· 467

MTP messages· 467

MTP_PING_INFO·· 468

MTP_TRACERT_INFO·· 468

NAT messages· 468

DSLITE_SYSLOG·· 469

EIM_MODE_PORT_USAGE_ALARM·· 469

NAT_ADDR_BIND_CONFLICT· 470

NAT_EIM·· 470

NAT_FAILED_ADD_FLOW_RULE· 471

NAT_FAILED_ADD_FLOW_TABLE· 471

NAT_FLOW·· 472

NAT_INSTANCE_SERVER_INVALID·· 473

NAT_RESOURCE_MEMORY_WARNING·· 473

NAT_SERVER_INVALID·· 474

NAT_SERVICE_CARD_RECOVER_FAILURE· 475

NAT444_SYSLOG·· 475

PORT_USAGE_ALARM·· 476

PORTBLOCK_ALARM·· 476

PORTBLOCKGRP_MEMORY_WARNING·· 477

ND messages· 477

ND_CONFLICT· 477

ND_DUPADDR· 478

ND_HOST_IP_CONFLICT· 478

ND_MAC_CHECK· 479

ND_MAXNUM_DEV· 479

ND_MAXNUM_IF· 479

ND_RAGUARD_DROP· 480

ND_SET_PORT_TRUST_NORESOURCE· 480

ND_SET_VLAN_REDIRECT_NORESOURCE· 480

NETCONF messages· 481

CLI 481

EDIT-CONFIG·· 482

NETCONF_MSG_DEL· 483

REPLY· 483

THREAD·· 484

NQA messages· 484

NQA_BATCH_START_FAILURE· 484

NQA_LOG_UNREACHABLE· 484

NQA_PACKET_OVERSIZE· 485

NQA_REFLECTOR_START_FAILURE· 485

NQA_REFRESH_FAILURE· 486

NQA_REFRESH_START· 486

NQA_SCHEDULE_FAILURE· 487

NQA_SEVER_FAILURE· 487

NQA_START_FAILURE· 488

NQA_TWAMP_LIGHT_PACKET_INVALID·· 488

NQA_TWAMP_LIGHT_REACTION· 489

NQA_TWAMP_LIGHT_START_FAILURE· 489

NTP messages· 490

NTP_CLOCK_CHANGE· 490

NTP_LEAP_CHANGE· 490

NTP_SOURCE_CHANGE· 491

NTP_SOURCE_LOST· 491

NTP_STRATUM_CHANGE· 491

OBJP messages· 492

OBJP_ACCELERATE_NO_RES· 492

OBJP_ACCELERATE_NOT_SUPPORT· 492

OBJP_ACCELERATE_UNK_ERR· 493

OFP messages· 493

OFC_DATAPATH_CHANNEL_CONNECT· 493

OFC_DATAPATH_CHANNEL_DISCONNECT· 494

OFC_FLOW_ADD·· 494

OFC_FLOW_DEL· 494

OFC_FLOW_MOD·· 495

OFP_ACTIVE· 495

OFP_ACTIVE_FAILED·· 495

OFP_CONNECT· 496

OFP_FAIL_OPEN· 496

OFP_FLOW_ADD·· 497

OFP_FLOW_ADD_DUP· 497

OFP_FLOW_ADD_FAILED·· 498

OFP_FLOW_ADD_TABLE_MISS· 498

OFP_FLOW_ADD_TABLE_MISS_FAILED·· 499

OFP_FLOW_DEL· 499

OFP_FLOW_DEL_TABLE_MISS· 500

OFP_FLOW_DEL_TABLE_MISS_FAILED·· 500

OFP_FLOW_MOD·· 501

OFP_FLOW_MOD_FAILED·· 501

OFP_FLOW_MOD_TABLE_MISS· 502

OFP_FLOW_MOD_TABLE_MISS_FAILED·· 502

OFP_FLOW_RMV_GROUP· 503

OFP_FLOW_RMV_HARDTIME· 503

OFP_FLOW_RMV_IDLETIME· 503

OFP_FLOW_RMV_METER· 504

OFP_FLOW_UPDATE_FAILED·· 504

OFP_GROUP_ADD·· 505

OFP_GROUP_ADD_FAILED·· 505

OFP_GROUP_DEL· 506

OFP_GROUP_MOD·· 506

OFP_GROUP_MOD_FAILED·· 507

OFP_METER_ADD·· 507

OFP_METER_ADD_FAILED·· 507

OFP_METER_DEL· 508

OFP_METER_MOD·· 508

OFP_METER_MOD_FAILED·· 509

OFP_MISS_RMV_GROUP· 509

OFP_MISS_RMV_HARDTIME· 509

OFP_MISS_RMV_IDLETIME· 510

OFP_MISS_RMV_METER· 510

OPENSRC (RSYNC) messages· 510

Synchronization success· 511

Synchronization failure· 511

Synchronization error 512

OPTMOD messages· 512

BIAS_HIGH· 512

BIAS_LOW·· 513

BIAS_NORMAL· 513

CFG_ERR· 513

CHKSUM_ERR· 514

FIBER_SFP MODULE_INVALID·· 514

FIBER_SFPMODULE_NOWINVALID·· 515

IO_ERR· 515

MOD_ALM_OFF· 515

MOD_ALM_ON· 516

MODULE_IN· 516

MODULE_OUT· 516

PHONY_MODULE· 517

RX_ALM_OFF· 517

RX_ALM_ON· 517

RX_POW_HIGH· 518

RX_POW_LOW·· 518

RX_POW_NORMAL· 518

TEMP_HIGH· 519

TEMP_LOW·· 519

TEMP_NORMAL· 519

TX_ALM_OFF· 520

TX_ALM_ON· 520

TX_POW_HIGH· 520

TX_POW_LOW·· 521

TX_POW_NORMAL· 521

TYPE_ERR· 521

VOLT_HIGH· 522

VOLT_LOW·· 522

VOLT_NORMAL· 522

OSPF messages· 523

OSPF_DUP_RTRID_NBR· 523

OSPF_IP_CONFLICT_INTRA· 523

OSPF_LAST_NBR_DOWN· 524

OSPF_MEM_ALERT· 524

OSPF_NBR_CHG·· 525

OSPF_NBR_CHG_REASON· 526

OSPF_RT_LMT· 527

OSPF_RTRID_CHG·· 527

OSPF_RTRID_CONFLICT_INTER· 527

OSPF_RTRID_CONFLICT_INTRA· 528

OSPF_VLINKID_CHG·· 528

OSPFV3 messages· 528

OSPFV3_LAST_NBR_DOWN· 529

OSPFV3_MEM_ALERT· 529

OSPFV3_NBR_CHG·· 530

OSPFV3_RT_LMT· 530

PBB messages· 530

PBB_JOINAGG_WARNING·· 531

PBR messages· 531

PBR_HARDWARE_BIND_ERROR· 531

PBR_HARDWARE_ERROR· 532

PBR_NEXTHOP_CHANGE· 532

PCE messages· 532

PCE_PCEP_SESSION_CHG·· 533

PFILTER messages· 533

PFILTER_GLB_IPV4_DACT_NO_RES· 534

PFILTER_GLB_IPV4_DACT_UNK_ERR· 534

PFILTER_GLB_IPV6_DACT_NO_RES· 535

PFILTER_GLB_IPV6_DACT_UNK_ERR· 535

PFILTER_GLB_MAC_DACT_NO_RES· 536

PFILTER_GLB_MAC_DACT_UNK_ERR· 536

PFILTER_GLB_NO_RES· 537

PFILTER_GLB_NOT_SUPPORT· 537

PFILTER_GLB_ RES_CONFLICT· 538

PFILTER_GLB_UNK_ERR· 538

PFILTER_IF_IPV4_DACT_NO_RES· 539

PFILTER_IF_IPV4_DACT_UNK_ERR· 539

PFILTER_IF_IPV6_DACT_NO_RES· 540

PFILTER_IF_IPV6_DACT_UNK_ERR· 540

PFILTER_IF_MAC_DACT_NO_RES· 541

PFILTER_IF_MAC_DACT_UNK_ERR· 541

PFILTER_IF_NO_RES· 542

PFILTER_IF_NOT_SUPPORT· 542

PFILTER_IF_RES_CONFLICT· 543

PFILTER_IF_UNK_ERR· 543

PFILTER_IPV6_STATIS_INFO·· 544

PFILTER_STATIS_INFO·· 544

PFILTER_VLAN_IPV4_DACT_NO_RES· 545

PFILTER_VLAN_IPV4_DACT_UNK_ERR· 545

PFILTER_VLAN_IPV6_DACT_NO_RES· 546

PFILTER_VLAN_IPV6_DACT_UNK_ERR· 546

PFILTER_VLAN_MAC_DACT_NO_RES· 547

PFILTER_VLAN_MAC_DACT_UNK_ERR· 547

PFILTER_VLAN_NO_RES· 548

PFILTER_VLAN_NOT_SUPPORT· 548

PFILTER_VLAN_RES_CONFLICT· 549

PFILTER_VLAN_UNK_ERR· 549

PIM messages· 549

PIM_NBR_DOWN· 550

PIM_NBR_UP· 550

PING messages· 550

PING_STATISTICS· 551

PING_VPN_STATISTICS· 552

PKG messages· 552

PKG_VERSION_CONSISTENT· 553

PKI messages· 553

REQUEST_CERT_FAIL· 554

REQUEST_CERT_SUCCESS· 554

LOCAL_WILL_EXPIRE· 554

LOCAL_HAS_EXPIRE· 555

PKT2CPU messages· 555

PKT2CPU_NO_RESOURCE· 555

PKTCPT· 555

PKTCPT_AP_OFFLINE· 556

PKTCPT_AREADY_EXIT· 556

PKTCPT_CONN_FAIL· 557

PKTCPT_INVALID_FILTER· 557

PKTCPT_LOGIN_DENIED·· 557

PKTCPT_MEMORY_ALERT· 558

PKTCPT_OPEN_FAIL· 558

PKTCPT_OPERATION_TIMEOUT· 559

PKTCPT_SERVICE_FAIL· 559

PKTCPT_UNKNOWN_ERROR· 559

PKTCPT_UPLOAD_ERROR· 560

PKTCPT_WRITE_FAIL· 560

Portal messages· 560

PORTAL_LIMIT_GLOBAL· 561

PORTAL_LIMIT_IF· 561

PORTAL_USER_LOGON_SUCCESS· 561

PORTAL_USER_LOGON_FAIL· 562

PORTAL_USER_LOGOFF· 563

PORTAL_USER_LOGOFF_ABNORMAL· 564

PORTSEC messages· 565

PORTSEC_ACL_FAILURE· 566

PORTSEC_LEARNED_MACADDR· 566

PORTSEC_NTK_NOT_EFFECTIVE· 567

PORTSEC_PORTMODE_NOT_EFFECTIVE· 567

PORTSEC_PROFILE_FAILURE· 568

PORTSEC_VIOLATION· 568

PS messages· 568

PS_SWITCH_WTOP· 569

PS_SWITCH_PTOW·· 569

PTP messages· 569

PTP_SRC_CLASS_BELOW_THRESHOLD·· 570

PTP_CLOCK_SRC_RECOVER· 570

PTP_EXT_TIME_PORT_DISCONNECT· 571

PTP_EXT_TIME_PORT_RECOVER· 571

PTP_FREQUENCY_LOCK· 571

PTP_FREQUENCY_NOT_LOCK· 572

PTP_MASTER_CLOCK_CHANGE· 573

PTP_PKT_ABNORMAL· 574

PTP_PKT_ABNORMALCOUNT· 575

PTP_PKTLOST_RECOVER· 575

PTP_PKTLOST· 576

PTP_PORT_BMCINFO_CHANGE· 576

PTP_PORT_STATE_CHANGE· 577

PTP_SRC_CHANGE· 578

PTP_SRC_SWITCH· 578

PTP_TIME_LOCK· 579

PTP_TIME_NOT_LOCK· 579

PTP_TIME_OFFSE_EXCEED_THRESHOLD·· 580

PTP_TIME_OFFSET_RECOVER· 580

PTP_TIME_SYNC· 580

PTP_TIME_UNSYNC· 581

PTP_TIMESTAMP_CHANGE· 581

PTP_TIMESTAMP_UNCHANGE· 582

PTP_TIMOFFSUM_PK-PK_ALARM·· 582

PTP_TIMOFFSUM_PK-PK_RECOVER· 583

PWDCTL messages· 583

PWDCTL_ADD_BLACKLIST· 583

PWDCTL_CHANGE_PASSWORD·· 584

PWDCTL_FAILED_TO_OPENFILE· 584

PWDCTL_FAILED_TO_WRITEPWD·· 584

PWDCTL_NOENOUGHSPACE· 585

PWDCTL_NOTFOUNDUSER· 585

PWDCTL_UPDATETIME· 585

QOS messages· 585

EDSG_CONFIG_CONFLICT· 586

EDSG_EXCEED_LIMIT· 586

EDSG_LRMODE_CONFLICT· 587

EDSG_MODE_CONFLICT· 587

EDSG_NOT_SUPPORT· 588

QOS_CAR_APPLYIF_FAIL· 588

QOS_CAR_APPLYUSER_FAIL· 589

QOS_CBWFQ_REMOVED·· 589

QOS_GTS_APPLYIF_FAIL· 590

QOS_GTS_APPLYINT_FAIL· 590

QOS_DIFFSERV_CFG_FAIL· 591

QOS_GTS_APPLYUSER_FAIL· 591

QOS_ITACAR_APPLYUSER_FAIL· 592

QOS_LR_APPLYIF_CONFIGFAIL· 592

QOS_LR_APPLYUSER_FAIL· 593

QOS_MEMORY_WARNING·· 593

QOS_NOT_ENOUGH_BANDWIDTH· 594

QOS_POLICY_APPLYCOPP_CBFAIL· 594

QOS_POLICY_APPLYCOPP_FAIL· 595

QOS_POLICY_APPLYGLOBAL_CBFAIL· 595

QOS_POLICY_APPLYGLOBAL_FAIL· 596

QOS_POLICY_APPLYIF_CBFAIL· 596

QOS_POLICY_APPLYIF_FAIL· 597

QOS_POLICY_APPLYUSER_FAIL· 597

QOS_POLICY_APPLYVLAN_CBFAIL· 598

QOS_POLICY_APPLYVLAN_FAIL· 598

QOS_PRIORITY_APPLYUSER_FAIL· 599

QOS_PROFILE_AUTHOR_FAIL· 599

QOS_QMPROFILE_APPLYIF_FAIL· 600

QOS_QMPROFILE_APPLYINT_FAIL· 601

QOS_QMPROFILE_APPLYUSER_FAIL· 601

QOS_QMPROFILE_MODIFYQUEUE_FAIL· 602

QOS_QMPROFILE_RESTORE_FAIL· 602

QOS_WEIGHT _APPLYUSER_FAIL· 603

RADIUS messages· 603

RADIUS_AUTH_FAILURE· 603

RADIUS_AUTH_SUCCESS· 604

RADIUS_DELETE_HOST_FAIL· 604

RDDC messages· 604

RDDC_ACTIVENODE_CHANGE· 605

RedisDBM messages· 605

REDISDBM_NOTIFY_STATE_SUCCEEDED·· 606

REDISDBM_NOTIFY_STATE_FAILED·· 607

RIP messages· 607

RIP_MEM_ALERT· 607

RIPNG messages· 608

RIPNG_MEM_ALERT· 608

RM messages· 608

RM_ACRT_REACH_LIMIT· 608

RM_ACRT_REACH_THRESVALUE· 609

RM_THRESHLD_VALUE_REACH· 609

RM_TOTAL_THRESHLD_VALUE_REACH· 609

RPR messages· 610

RPR_EXCEED_MAX_SEC_MAC· 610

RPR_EXCEED_MAX_SEC_MAC_OVER· 610

RPR_EXCEED_MAX_STATION· 611

RPR_EXCEED_MAX_STATION_OVER· 611

RPR_EXCEED_RESERVED_RATE· 611

RPR_EXCEED_RESERVED_RATE_OVER· 612

RPR_IP_DUPLICATE· 612

RPR_IP_DUPLICATE_OVER· 612

RPR_JUMBO_INCONSISTENT· 613

RPR_JUMBO_INCONSISTENT_OVER· 613

RPR_LAGGCONFIG_INCONSISTENT· 613

RPR_LAGGCONFIG_INCONSISTENT_OVER· 614

RPR_MISCABLING·· 614

RPR_MISCABLING_OVER· 614

RPR_PROTECTION_INCONSISTENT· 615

RPR_PROTECTION_INCONSISTENT_OVER· 615

RPR_SEC_MAC_DUPLICATE· 615

RPR_SEC_MAC_DUPLICATE_OVER· 616

RPR_TOPOLOGY_INCONSISTENT· 616

RPR_TOPOLOGY_INCONSISTENT_OVER· 616

RPR_TOPOLOGY_INSTABILITY· 617

RPR_TOPOLOGY_INSTABILITY_OVER· 617

RPR_TOPOLOGY_INVALID·· 617

RPR_TOPOLOGY_INVALID_OVER· 618

RRPP messages· 618

RRPP_RING_FAIL· 618

RRPP_RING_RESTORE· 618

RSVP messages· 619

RSVP_FRR_SWITCH· 619

RSVP_P2MP_FRR_SWITCH· 619

RTM messages· 619

RTM_ENVIRONMENT· 620

RTM_TCL_NOT_EXIST· 620

RTM_TCL_MODIFY· 620

RTM_TCL_LOAD_FAILED·· 621

SCMD messages· 621

PROCESS_ABNORMAL· 621

PROCESS_ACTIVEFAILED·· 622

PROCESS_CORERECORD·· 622

SCM_ABNORMAL_REBOOT· 623

SCM_ABNORMAL_REBOOTMDC· 623

SCM_ABORT_RESTORE· 624

SCM_INSMOD_ADDON_TOOLONG·· 624

SCM_KERNEL_INIT_TOOLONG·· 624

SCM_PROCESS_STARTING_TOOLONG·· 625

SCM_PROCESS_STILL_STARTING·· 625

SCM_SKIP_PROCESS· 626

SCM_SKIP_PROCESS· 626

SCRLSP messages· 626

SCRLSP_LABEL_DUPLICATE· 627

SESSION messages· 627

SESSION_DRV_EXCEED·· 627

SESSION_DRV_RECOVERY· 628

SESSION_IPV4_FLOW·· 629

SESSION_IPV6_FLOW·· 630

SFLOW messages· 631

SFLOW_HARDWARE_ERROR· 631

SHELL messages· 631

SHELL_CMD·· 631

SHELL_CMD_CONFIRM·· 632

SHELL_CMD_EXECUTEFAIL· 632

SHELL_CMD_INPUT· 632

SHELL_CMD_INPUT_TIMEOUT· 633

SHELL_CMD_LOCKEDBYOTHER· 633

SHELL_CMD_MATCHFAIL· 633

SHELL_CMDDENY· 634

SHELL_CMDFAIL· 634

SHELL_COMMIT_FAIL· 634

SHELL_COMMIT_ROLLBACK· 635

SHELL_COMMIT_ROLLBACKDONE· 635

SHELL_COMMIT_ROLLBACKFAIL· 635

SHELL_COMMIT_SUCCESS· 636

SHELL_CRITICAL_CMDFAIL· 636

SHELL_LOGIN· 636

SHELL_LOGOUT· 637

SHELL_SAVE_FAILED·· 637

SHELL_SAVE_SUCCESS· 638

SHELL_SAVEPOINT_EXIST· 638

SHELL_SAVEPOINT_FAILED·· 638

SHELL_SAVEPOINT_FAILED·· 639

SLSP messages· 639

SLSP_LABEL_DUPLICATE· 639

SMLK messages· 639

SMLK_LINK_SWITCH· 640

SNMP messages· 640

SNMP_ACL_RESTRICTION· 640

SNMP_AUTHENTICATION_FAILURE· 640

SNMP_GET· 641

SNMP_INFORM_LOST· 641

SNMP_NOTIFY· 642

SNMP_SET· 643

SNMP_USM_NOTINTIMEWINDOW·· 643

SSHC messages· 643

SSHC_ALGORITHM_MISMATCH· 644

SSHS messages· 644

SSHS_ACL_DENY· 644

SSHS_ALGORITHM_MISMATCH· 645

SSHS_AUTH_EXCEED_RETRY_TIMES· 645

SSHS_AUTH_FAIL· 646

SSHS_AUTH_TIMEOUT· 646

SSHS_CONNECT· 646

SSHS_DECRYPT_FAIL· 647

SSHS_DISCONNECT· 647

SSHS_ENCRYPT_FAIL· 647

SSHS_LOG·· 648

SSHS_MAC_ERROR· 648

SSHS_REACH_SESSION_LIMIT· 648

SSHS_REACH_USER_LIMIT· 649

SSHS_SCP_OPER· 649

SSHS_SFTP_OPER· 650

SSHS_SRV_UNAVAILABLE· 650

SSHS_VERSION_MISMATCH· 651

STAMGR messages· 651

STAMGR_ADD_FAILVLAN· 651

STAMGR_ADDBAC_INFO·· 651

STAMGR_ADDSTA_INFO·· 652

STAMGR_AUTHORACL_FAILURE· 652

STAMGR_AUTHORUSERPROFILE_FAILURE· 653

STAMGR_CLIENT_OFFLINE· 653

STAMGR_CLIENT_ONLINE· 654

STAMGR_DELBAC_INFO·· 654

STAMGR_DELSTA_INFO·· 654

STAMGR_DOT1X_LOGIN_FAILURE· 655

STAMGR_DOT1X_LOGIN_SUCC· 655

STAMGR_DOT1X_LOGOFF· 656

STAMGR_MACA_LOGIN_FAILURE· 656

STAMGR_MACA_LOGIN_SUCC· 657

STAMGR_MACA_LOGOFF· 657

STAMGR_STAIPCHANGE_INFO·· 658

STAMGR_TRIGGER_IP· 658

STP messages· 658

STP_BPDU_PROTECTION· 659

STP_BPDU_RECEIVE_EXPIRY· 659

STP_CONSISTENCY_RESTORATION· 659

STP_DETECTED_TC· 660

STP_DISABLE· 660

STP_DISCARDING·· 660

STP_ENABLE· 661

STP_FORWARDING·· 661

STP_LOOP_PROTECTION· 661

STP_NOT_ROOT· 662

STP_NOTIFIED_TC· 662

STP_PORT_TYPE_INCONSISTENCY· 662

STP_PVID_INCONSISTENCY· 663

STP_PVST_BPDU_PROTECTION· 663

STP_ROOT_PROTECTION· 663

STRUNK·· 664

STRUNK_DROPPACKET_INCONSISTENCY· 664

STRUNK_MEMBER_ROLE_CHANGE· 665

STRUNK_PDUINTERVAL_MISMATCH· 666

STRUNK_RECEIVE_TIMEOUT· 666

STRUNK_ROLE_CHANGE· 667

SYSLOG messages· 667

SYSLOG_FILE_DECOMPRESS_ERROR· 668

SYSLOG_LOGFILE_FULL· 668

SYSLOG_RESTART· 668

SYSLOG_RTM_EVENT_BUFFER_FULL· 669

TACACS messages· 669

TACACS_AUTH_FAILURE· 669

TACACS_AUTH_SUCCESS· 670

TACACS_DELETE_HOST_FAIL· 670

TBDL messages· 670

TBDL_SWICH_P· 671

TBDL_SWICH_W·· 671

TE messages· 671

TE_BACKUP_SWITCH· 672

TE_MBB_SWITCH· 673

TE_TUNNEL_NESTING·· 673

TE_LABEL_DUPLICATE· 674

TELNETD messages· 674

TELNETD_ACL_DENY· 674

TELNETD_REACH_SESSION_LIMIT· 675

TRILL messages· 675

TRILL_DUP_SYSTEMID·· 675

TRILL_INTF_CAPABILITY· 676

TRILL_LICENSE_EXPIRED·· 676

TRILL_MEM_ALERT· 676

TRILL_NBR_CHG·· 677

TRILL_NO_LICENSE· 677

UCM·· 677

UCM_SESSIONS_LOWER_THRESHOLD·· 678

UCM_SESSIONS_RECOVER_NORMAL· 678

UCM_SESSIONS_UPPER_THRESHOLD·· 678

USER_LOGON_SUCCESS· 679

USER_TRACEINFO·· 680

UPMGR messages· 713

UPMGR_CP_PROTOCOL_STATE_CHANGE· 714

UPMGR_UP_PROTOCOL_STATE_CHANGE· 714

VLAN messages· 714

VLAN_FAILED·· 715

VLAN_VLANMAPPING_FAILED·· 715

VLAN_VLANTRANSPARENT_FAILED·· 715

VRRP messages· 716

VRRP_STATUS_CHANGE· 716

VRRP_VF_STATUS_CHANGE· 717

VRRP_VMAC_INEFFECTIVE· 717

VSRP messages· 717

VSRP_BIND_FAILED·· 718

VXLAN messages· 718

VXLAN_LICENSE_UNAVAILABLE· 718

WEB messages· 718

LOGIN· 719

LOGIN_FAILED·· 719

LOGOUT· 719

 


Introduction

This document includes the following system messages:

·     Messages specific to the switch.

·     Messages for the Comware 7 software platform version based on which the switch release was produced. Some platform system messages might not be available on the switch.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

·     Log host:

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

·     Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

 

 

NOTE:

Log message examples in this document use the format for destinations except the log host. They do not contain elements available only for the log host, including the location element.

 

Table 1 System log message elements

Element

Description

<PRI>

Priority identifier. It is calculated by using the following formula:

Priority identifier=facilityx8+severity

Where:

·     Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages.

·     Severity represents the importance of the message. For more information about severity levels, see Table 2.

Prefix

Message type identifier. This element is contained in the system log messages sent to non-log-host destinations.

The element uses the following symbols to indicate message severity:

·     Percentage sign (%)—Informational and higher levels.

·     Asterisk (*)—Debug level.

TIMESTAMP

Date and time when the event occurred.

The following are commands for configuring the timestamp format:

·     Log host—Use the info-center timestamp loghost command.

·     Non-log host destinations—Use the info-center timestamp command.

Sysname

Name or IP address of the device that generated the message.

%%vendor

Manufacturer flag. This element is %%10 for H3C.

This element is contained only in messages sent to the log host.

MODULE

Name of the module that produced the message.

severity

Severity level of the message. (For more information about severity levels, see Table 2.)

MNEMONIC

Text string that uniquely identifies the system message. The maximum length is 32 characters.

location

Optional. This element identifies where the message occurred. This element is contained only in messages sent to the log host.

This element presents location information for the message in the following format:

-attribute1=x-attribute2=y…-attributeN=z

The following are examples of location attributes:

·     -MDC=XX, which represents the MDC on which the message occurred.

·     -DevIp=XXX.XXX.XXX.XXX, which represents the source IP of the message.

·     -Slot=XX, which represents the slot on which the message occurred.

·     -Chassis=XX-Slot=XX, which represents the chassis and slot on which the message occurred.

This element is separated from the message description by using a semicolon (;).

CONTENT

Text string that contains detailed information about the event or error.

For variable fields in this element, this document uses the representations in Table 3.

 

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.

Table 2 System log message severity levels

Level

Severity

Description

0

Emergency

The system is unusable. For example, the system authorization has expired.

1

Alert

Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.

2

Critical

Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.

3

Error

Error condition. For example, the link state changes or a storage card is unplugged.

4

Warning

Warning condition. For example, an interface is disconnected, or the memory resources are used up.

5

Notification

Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.

6

Informational

Informational message. For example, a command or a ping operation is executed.

7

Debug

Debugging message.

 

For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.

Table 3 Variable field representations

Representation

Information type

INT16

Signed 16-bit decimal number.

UINT16

Unsigned 16-bit decimal number.

INT32

Signed 32-bit decimal number.

UINT32

Unsigned 32-bit decimal number.

INT64

Signed 64-bit decimal number.

UINT64

Unsigned 64-bit decimal number.

DOUBLE

Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER].

HEX

Hexadecimal number.

CHAR

Single character.

STRING

Character string.

IPADDR

IP address.

MAC

MAC address.

DATE

Date.

TIME

Time.

 

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, monitor terminal, log buffer, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the network management and monitoring configuration guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:

·     To display log messages on the monitor terminal, you must configure the terminal monitor command.

·     For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

 

 

NOTE:

Settings for the terminal monitor and terminal logging level commands take effect only on the current login session. The default settings for the commands restore at a relogin.

 

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.

To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.

By default, you can obtain the log file from the cfa0:/logfile/ path if the CF card is not partitioned. If the CF card is partitioned, the file path is cfa1:/logfile/.

To view the contents of the log file on the device, use the more command.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.

Software module list

Table 4 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.

Table 4 Software module list

Module name representation

Module name expansion

AAA

Authentication, Authorization and Accounting

ACL

Access Control List

AFT

Address Family Translation

ANCP

Access Node Control Protocol

APMGR

Access Point Management

ARP

Address Resolution Protocol

ATK

Attack Detection and Prevention

ATM

Asynchronous Transfer Mode

BFD

Bidirectional Forwarding Detection

BGP

Border Gateway Protocol

BLS

Blacklist

CFD

Connectivity Fault Detection

CFGMAN

Configuration Management

CLKM

Clock Management

CONNLMT

Connection Limit

DEV

Device Management

DHCP

Dynamic Host Configuration Protocol

DHCPR

IPv4 DHCP Relay

DHCPS

DHCP Server

DHCPS6

DHCPv6 Server

DHCPSP4

DHCP Snooping

DHCPSP6

DHCPv6 Snooping

DIAG

Diagnosis

DLDP

Device Link Detection Protocol

DOT1X

802.1X

DP

Data plane backup

EDEV

Extended-Device Management

EIGRP

Enhanced Interior Gateway Routing Protocol

ERPS

Ethernet Ring Protection Switching

ETH

Ethernet

ETHOAM

Ethernet Operation, Administration and Maintenance

EVB

Edge Virtual Bridging

EVIISIS

Ethernet Virtual Interconnect Intermediate System-to-Intermediate System

FCLINK

Fibre Channel Link

FCOE

Fibre Channel Over Ethernet

FCZONE

Fibre Channel Zone

FIB

Forwarding Information Base

FILTER

Filter

FIPSNG

FIP Snooping

FTP

File Transfer Protocol

gRPC

Google Remote Procedure Call

HA

High Availability

HQOS

Hierarchical QoS

HTTPD

Hypertext Transfer Protocol Daemon

IFNET

Interface Net Management

IKE

Internet Key Exchange

IP6ADDR

IPv6 Addressing

IP6FW

IPv6 Forwarding

IPADDR

IP Addressing

IPFW

IP Forwarding

IPOE

IP over Ethernet

IPSEC

IP Security

IPSG

IP Source Guard

IRDP

ICMP Router Discovery Protocol

IRF

Intelligent Resilient Framework

ISIS

Intermediate System-to-Intermediate System

ISSU

In-Service Software Upgrade

L2PT

Layer 2 Protocol Tunneling

L2TPV2

Layer 2 Tunneling Protocol Version 2

L2VPN

Layer 2 VPN

LAGG

Link Aggregation

LDP

Label Distribution Protocol

LLDP

Link Layer Discovery Protocol

LOAD

Load Management

LOCAL

Local

LOGIN

Login

LPDT

Loopback Detection

LS

Local Server

LSM

Label Switch Management

LSPV

LSP Verification

MAC

Media Access Control

MACA

MAC Authentication

MACSEC

MAC Security

MBFD

MPLS BFD

MBUF

Memory Buffer

MDC

Multitenant Device Context

MFIB

Multicast Forwarding Information Base

MGROUP

Mirroring group

MPLS

Multiprotocol Label Switching

MTLK

Monitor Link

MTP

Maintenance Probe

NAT

Network Address Translation

ND

Neighbor Discovery

NETCONF

Network Configuration Protocol

NQA

Network Quality Analyzer

NTP

Network Time Protocol

OBJP

Object Policy

OFP

OpenFlow Protocol

OPENSRC (RSYNC)

Open Source (Remote Synchronization)

OPTMOD

Optical Module

OSPF

Open Shortest Path First

OSPFV3

Open Shortest Path First Version 3

PBB

Provider Backbone Bridge

PBR

Policy-Based Routing

PCE

Path Computation Element

PEX

Port Extender

PFILTER

Packet Filter

PIM

Protocol Independent Multicast

PING

Packet Internet Groper

PKI

Public Key Infrastructure

PKT2CPU

Packet to CPU

PKTCPT

Packet Capture

PORTAL

Portal

PORTSEC

Port Security

PPP

Point to Point Protocol

PTP

Precision Time Protocol

PWDCTL

Password Control

QOS

Quality of Service

RADIUS

Remote Authentication Dial In User Service

RDDC

Redundancy

REDISDBM

Redis Database Manager

RIP

Routing Information Protocol

RIPNG

Routing Information Protocol Next Generation

RM

Routing Management

RPR

Resilient Packet Ring

RRPP

Rapid Ring Protection Protocol

RSVP

Resource Reservation Protocol

RTM

Real-Time Event Manager

SCM

Service Control Manager

SCRLSP

Static CRLSP

SESSION

Session

SFLOW

Sampler Flow

SHELL

Shell

SLSP

Static LSP

SMLK

Smart Link

SNMP

Simple Network Management Protocol

SSHC

Secure Shell Client

SSHS

Secure Shell Server

STAMGR

Station Management

STM

Stack Topology Management

STP

Spanning Tree Protocol

STRUNK

Smart Trunk

SYSEVENT

System Event

SYSLOG

System Log

TACACS

Terminal Access Controller Access Control System

TE

Traffic Engineering

TELNETD

Telnet Daemon

TRILL

Transparent Interconnect of Lots of Links

UCM

User Connection Management

UPMGR

User Plane Management

VLAN

Virtual Local Area Network

VRRP

Virtual Router Redundancy Protocol

VSRP

Virtual Service Redundancy Protocol

VXLAN

Virtual eXtensible LAN

WEB

Web

WIPS

Wireless Intrusion Prevention System

 

Using this document

This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.

This document explains messages in tables. Table 5 describes information provided in these tables.

Table 5 Message explanation table contents

Item

Content

Example

Message text

Presents the message description.

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

Briefly describes the variable fields in the order that they appear in the message text.

The variable fields are numbered in the "$Number" form to help you identify their location in the message text.

$1: ACL number.

$2: ID and content of an ACL rule.

$3: Number of packets that matched the rule.

Severity level

Provides the severity level of the message.

6

Example

Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings.

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

Explains the message, including the event or error cause.

Number of packets that matched an ACL rule. This message is sent when the packet counter changes.

Recommended action

Provides recommended actions. For informational messages, no action is required.

No action is required.

 

AAA messages

This section contains AAA messages.

AAA_FAILURE

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

5

Example

AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.

Explanation

An AAA request was rejected.

The following are the common reasons:

·     No response was received from the server.

·     The username or password was incorrect.

·     The service type that the user applied for was incorrect.

Recommended action

1.     Verify that the device is correctly connected to the server.

2.     Enter the correct username and password.

3.     Verify that the server settings are the same as the settings on the device.

4.     If the problem persists, contact H3C Support.

 

AAA_LAUNCH

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

6

Example

AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.

Explanation

An AAA request was received.

Recommended action

No action is required.

 

AAA_SUCCESS

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

6

Example

AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.

Explanation

An AAA request was accepted.

Recommended action

No action is required.

 

 

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text

Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.

Explanation

Hardware resources were insufficient for accelerating an ACL.

Recommended action

Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

 

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text

Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.

Explanation

ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_NOT_SUPPORT

Message text

Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.

Explanation

ACL acceleration failed because the system does not support ACL acceleration.

Recommended action

No action is required.

 

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text

Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.

Explanation

ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text

Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.

Explanation

ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_UNK_ERR

Message text

Failed to accelerate [STRING] ACL [UINT32].

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.

Explanation

ACL acceleration failed because of an unknown error.

Recommended action

No action is required.

 

ACL_IPV6_STATIS_INFO

Message text

IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv6 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).

Explanation

The number of packets matching the IPv6 ACL rule changed.

Recommended action

No action is required.

 

ACL_NO_MEM

Message text

Failed to configure [STRING] ACL [UINT] due to lack of memory.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

3

Example

ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.

Explanation

Configuring the ACL failed because memory is insufficient.

Recommended action

Use the display memory-threshold command to check the memory usage.

 

ACL_STATIS_INFO

Message text

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv4 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

The number of packets matching the IPv4 ACL rule changed.

Recommended action

No action is required.

 

AFT messages

This section contains AFT messages.

AFT_ADDRESS_CONFLICT

Message text

Address range (StartIp=[ IPADDR];EndIp=[ IPADDR]) assigned by the CP conflicts with an existing address group.

Variable fields

$1: Start IPv4 address.

$2: End IPv4 address.

Severity level

6

Example

AFT/6/AFT_ADDRESS_CONFLICT: Address range (StartIp=1.1.0.0;EndIp=1.1.0.255) assigned by the CP conflicts with an existing address group.

Explanation

On the control-/user-plane separated network, the address range that the CP assigned to the UP conflicts with an existing AFT address group on the UP.

Recommended action

Modify the AFT address group configuration on the UP.

 

AFT_LOG_FLOW

Message text

AFT PORTBLOCK was [STRING]: IPv6addr=[IPADDR]; VPNNameV6=[STRING]; ipv4addr=[IPADDR]; VPNNameV4=[STRING]; PortBlockSize=[UINT16]-[UINT16]; BeginTime_e=[STRING]; EndTime_e=[STRING].

Variable fields

$1: Event type:

¡     allocated—Port block assignment.

¡     free—Port block release.

$2: IPv6 address.

$3: Name of the VPN instance to which the IPv6 address belongs.

$4: IPv4 address.

$5: Name of the VPN instance to which the IPv4 address belongs..

$6: Start port number of a port block that is assigned.

$7: End port number of a port block that is assigned.

$8: Time when the port block is assigned.

$9: Time when the port block is released.

Severity level

6

Example

AFT/6/AFT_LOG_FLOW: AFT PORTBLOCK was free: IPv6addr=1000::1b; VPNNameV6=-; IPv4addr=10.0.0.140; VPNNameV4=-; PortBlockSize=1024-1535; BeginTime_e=03232017053558; EndTime_e=03232017065040.

Explanation

This message is generated when the port block is released or allocated.

Recommended action

No action is required.

 

AFT_V6TOV4_FLOW

Message text

Protocol(1001)= [STRING];SrcIPv6Addr(1036)= [IPADDR];SrcPort(1004)= [UINT16];NatSrcIPAddr(1005)= [IPADDR];NatSrcPort(1006)= [UINT16];DstIPv6Addr(1037)= [IPADDR];DstPort(1008)= [UINT16];NatDstIPAddr(1009)= [IPADDR];NatDstPort(1010)= [UINT16];InitPktCount(1044)= [UINT32];InitByteCount(1046)= [UINT32];RplyPktCount(1045)= [UINT32];RplyByteCount(1047)= [UINT32];RcvVPNInstance(1042)= [STRING];SndVPNInstance(1043)= [STRING];BeginTime_e(1013)= [STRING];EndTime_e(1014)= [STRING];Event(1048)= ([UNIT16])[STRING].

Variable fields

$1: Protocol type.

$2: Source IPv6 address.

$3: Source port number.

$4: Source IP address after translation.

$5: Source port number after translation.

S6: Destination IPv6 address.

$7: Destination port number.

$8: Destination IP address after translation.

$9: Destination port number after translation.

$10: Total number of incoming packets.

$11: Total number of incoming bytes.

$12: Total number of outgoing packets.

$13: Total number of outgoing bytes.

$14: Source VPN instance name.

$15: Destination VPN instance name.

$16: Time when the session is established.

$17: Time when the session is removed.

$18: Event type.

$19: Event description:

¡     Session created.

¡     Session ended.

¡     Session aged out.

¡     Session deleted through configuration.

¡     Other.

Severity level

6

Example

AFT/6/AFT_V6TOV4_FLOW: Protocol(1001)=IPv6-ICMP;SrcI

Pv6Addr(1036)=1000::10;SrcPort(1004)=1;NatSrcIPAddr(1005)=9.9.9.9;NatSrcPort(100

6)=1027;DstIPv6Addr(1037)=2000::201:102;DstPort(1008)=32768;NatDstIPAddr(1009)=2

.1.1.2;NatDstPort(1010)=2048;InitPktCount(1044)=177411959;InitByteCount(1046)=21

22604543;RplyPktCount(1045)=1895856127;RplyByteCount(1047)=30720;RcvVPNInstance(

1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=05052017134514;EndTime_e(1014)=;E

vent(1048)=(8)Session created.

Explanation

This message is generated when an IPv6-initiated session is established or deleted.

Recommended action

No action is required.

 

AFT_V4TOV6_FLOW

Message text

Protocol(1001)= [STRING]; SrcIPAddr(1003)= [IPADDR];SrcPort(1004)= [UINT16]; NatSrcIPv6Addr(1038)= [IPADDR];NatSrcPort(1006)= [UINT16]; DstIPAddr(1003)= [IPADDR];DstPort(1008)= [UINT16]; NatDstIPv6Addr(1039)= [IPADDR];NatDstPort(1010)= [UINT16];InitPktCount(1044)= [UINT32];InitByteCount(1046)= [UINT32];RplyPktCount(1045)= [UINT32];RplyByteCount(1047)= [UINT32];RcvVPNInstance(1042)= [STRING];SndVPNInstance(1043)= [STRING];BeginTime_e(1013)= [STRING];EndTime_e(1014)= [STRING];Event(1048)= ([UNIT16])[STRING].

Variable fields

$1: Protocol type.

$2: Source IPv6 address.

$3: Source port number.

$4: Source IP address after translation.

$5: Source port number after translation.

S6: Destination IPv6 address.

$7: Destination port number.

$8: Destination IP address after translation.

$9: Destination port number after translation.

$10: Total number of incoming packets.

$11: Total number of incoming bytes.

$12: Total number of outgoing packets.

$13: Total number of outgoing bytes.

$14: Source VPN instance name.

$15: Destination VPN instance name.

$16: Time when the session is established.

$17: Time when the session is removed.

$18: Event type.

$19: Event description:

¡     Session created.

¡     Session ended.

¡     Session aged out.

¡     Session deleted through configuration.

¡     Other.

Severity level

6

Example

AFT/6/AFT_V4TOV6_FLOW: Protocol(1001)=ICMP;SrcIPAddr(1003

)=2.1.1.4;SrcPort(1004)=197;NatSrcIPv6Addr(1038)=2000::201:104;NatSrcPort(1006)=

197;DstIPAddr(1003)=5.5.5.5;DstPort(1008)=2048;NatDstIPv6Addr(1039)=1000::;NatDs

tPort(1010)=32768;InitPktCount(1044)=2092588805;InitByteCount(1046)=1166331903;R

plyPktCount(1045)=1895856127;RplyByteCount(1047)=30720;RcvVPNInstance(1042)=;Snd

VPNInstance(1043)=;BeginTime_e(1013)=05052017152731;EndTime_e(1014)=;Event(1048)

=(8)Session created.

Explanation

This message is generated when an IPv4-initiated session is established or deleted.

Recommended action

No action is required.

 

ANCP messages

This section contains ANCP messages.

ANCP_INVALID_PACKET

Message text

-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING];The [STRING] value [STRING] is wrong, and the value [STRING] is expected.

Variable fields

$1: ANCP neighbor name.

$2: Neighbor state.

$3: Message type.

$4: Field.

$5: Wrong value of the field.

$6: Expected value of the field.

Severity level

6

Example

ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK;The Sender Instance value 0 is wrong, and the value 1 is expected.

Explanation

The system received an adjacency message that had a field with a wrong value.

Recommended action

No action is required.

 

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text

No ARP reply from IP [STRING] was received on interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.

Explanation

The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message.

This message indicates the risk of attacks.

Recommended action

1.     Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first.

2.     If the ARP entries are correct and the attack continues, contact H3C Support.

 

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text

Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.

Variable fields

$1: Interface name.

$2: IP address.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface Ethernet0/1/0 received from IP 192.168.10.1 an ARP reply that was not requested by the device.

Explanation

The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP.

This message indicates the risk of attacks.

Recommended action

No action is required. The device discards the ARP reply automatically.

 

ARP_BINDRULETOHW_FAILED

Message text

Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].

Variable fields

$1: Interface name.

$2: Source IP address.

$3: Source MAC address.

$4: VLAN ID.

$5: Gateway MAC address.

Severity level

5

Example

ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface Ethernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.

Explanation

The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations:

·     The resources are not sufficient for the operation.

·     The memory is not sufficient for the operation.

·     A hardware error occurs.

Recommended action

To resolve the problem:

1.     Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient.

¡     If yes, proceed to step 2.

¡     If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2.

2.     Execute the display memory command to check if the memory for the operation is sufficient.

¡     If yes, proceed to step 3.

¡     If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3.

3.     Delete the configuration and perform the operation again.

 

ARP_DUPLICATE_IPADDR_DETECT

Message text

Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR].

Variable fields

$1: MAC address.

$2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.)

$3: VSI name.

$4: MAC address.

$5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.)

$6: VSI name.

$7: Conflicting IP address.

Severity level

6

Example

ARP/6/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface Ethernet0/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1.

Explanation

This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different.

Recommended action

Change the IP address on either of the two devices.

 

ARP_DYNAMIC

Message text

The maximum number of dynamic ARP entries for the device reached.

Variable fields

N/A

Severity level

3

Example

ARP/3/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached.

Explanation

The maximum number of dynamic ARP entries for the device was reached.

Recommended action

No action is required.

 

ARP_DYNAMIC_IF

Message text

The maximum number of dynamic ARP entries for interface [STRING] reached.

Variable fields

$1: Interface name.

Severity level

2

Example

ARP/3/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached.

Explanation

The maximum number of dynamic ARP entries for the specified interface was reached.

Recommended action

No action is required.

 

ARP_DYNAMIC_SLOT

Message text

Pattern 1:

The maximum number of dynamic ARP entries for slot [INT32] reached.

Pattern 2:

The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached.

Variable fields

Pattern 1:

$1: Slot number.

Pattern 2:

$1: Slot number.

$2: Chassis number.

Severity level

3

Example

ARP/3/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached.

ARP/3/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for chassis 1 slot 2 reached.

Explanation

Pattern 1:

The maximum number of dynamic ARP entries for the slot was reached.

Pattern 2:

The maximum number of dynamic ARP entries for the slot on the chassis was reached.

Recommended action

No action is required.

 

ARP_ENTRY_CONFLICT

Message text

The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING].

Variable fields

$1: IP address.

$2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network.

$3: Inconsistent items:

¡     MAC address.

¡     output interface.

¡     output port.

¡     outermost layer VLAN ID.

¡     second outermost layer VLAN ID.

¡     VSI index.

¡     link ID.

Severity level

6

Example

ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.

ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.

Explanation

The software entry for the specified IP address was not the same as the hardware entry. For example, they did not have the same output interface.

Recommended action

No action is required. ARP automatically refreshes the hardware entries.

 

ARP_HOST_IP_CONFLICT

Message text

The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: Interface name.

Severity level

4

Example

ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.

Explanation

The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.

Recommended action

Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

 

ARP_RATE_EXCEEDED

Message text

The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.

Variable fields

$1: ARP packet rate.

$2: ARP limit rate.

$3: Interface name.

$4: Interval time.

Severity level

4

Example

ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface Ethernet0/1/0 in the last 10 seconds.

Explanation

An interface received ARP messages at a higher rate than the rate limit.

Recommended action

Verify that the hosts at the sender IP addresses are legitimate.

 

ARP_RATELIMIT_NOTSUPPORT

Message text

Pattern 1:

ARP packet rate limit is not support on slot [UINT32].

Pattern 2:

ARP packet rate limit is not support on chassis [UINT32] slot [UINT32].

Variable fields

Pattern 1:

$1: Slot number.

Pattern 2:

$1: Slot number.

$2: Chassis number.

Severity level

6

Example

ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2.

Explanation

Pattern 1:

ARP packet rate limit was not supported on the slot.

Pattern 2:

ARP packet rate limit was not supported on the slot of the chassis was reached.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_SENDER_IP_INVALID

Message text

Sender IP [STRING] was not on the same network as the receiving interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.

Explanation

The sender IP of a received ARP message was not on the same network as the receiving interface.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_SENDER_MAC_INVALID

Message text

Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].

Variable fields

$1: MAC address.

$2: MAC address.

$3: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.

Explanation

An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.

Recommended action

Verify that the host at the sender MAC address is legitimate.

 

ARP_SRC_MAC_FOUND_ATTACK

Message text

An attack from MAC [STRING] was detected on interface [STRING].

Variable fields

$1: MAC address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.

Explanation

The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold.

This message indicates the risk of attacks.

Recommended action

Verify that the host at the source MAC address is legitimate.

 

ARP_TARGET_IP_INVALID

Message text

Target IP [STRING] was not the IP of the receiving interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface Ethernet0/1/0.

Explanation

The target IP address of a received ARP message was not the IP address of the receiving interface.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

DUPIFIP

Message text

Duplicate address [STRING] on interface [STRING], sourced from [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC Address.

Severity level

6

Example

ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface Ethernet1/1/1, sourced from 0015-E944-A947.

Explanation

ARP detected a duplicate address.

The sender IP in the received ARP packet was being used by the receiving interface.

Recommended action

Modify the IP address configuration.

 

DUPIP

Message text

IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].

Variable fields

$1: IP address.

$2: MAC Address.

Severity level

6

Example

ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.

Explanation

The sender IP address of the received ARP packet conflicted with the global or imported IP address.

Recommended action

Modify the IP address configuration.

 

DUPVRRPIP

Message text

IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC address.

Severity level

6

Example

ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface Ethernet1/1/1, sourced from 0015-E944-A947.

Explanation

The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.

Recommended action

Modify the IP address configuration.

 

L3_COMMON

Message text

Pattern 1:

The Board on slot [INT32] doesn't support the ARP safe-guard function.

Pattern 2:

The Board on chassis t [INT32] slot [INT32] doesn't support the ARP safe-guard function.

Variable fields

Pattern 1:

$1: Slot number.

Pattern 2:

$1: Slot number.

$2: Chassis number.

Severity level

4

Example

L3/4/L3_COMMON: -MDC=1-Slot=5; The Board on slot 5 doesn't support the ARP safe-guard function.

Explanation

Pattern 1:

The slot did not support the ARP safe-guard feature.

Pattern 2:

The slot of the chassis did not support the ARP safe-guard feature.

Recommended action

Use a card that supports the ARP safe-guard feature.

 

ATK messages

This section contains attack detection and prevention messages.

ATK_ICMP_ADDRMASK_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ:IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW:IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ:IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ:IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL:IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--;DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW:IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ:IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ:IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ:IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_RAW:IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ:IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_SZ:IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL:IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_RAW:IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ:IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_SZ:IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Destination port number.

$4: Name of the receiving VPN instance.

$5: Rate limit.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_FLOOD:RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATK_ICMP_FLOOD_SZ

Message text

SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Source security zone name.

$2: Destination IP address.

$3: Destination port number.

$4: Name of the receiving VPN instance.

$5: Rate limit.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_FLOOD_SZ:SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ:IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_RAW:IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, thi s message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ:IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_SZ:IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL:IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_RAW:IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ:IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_SZ:IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_LARGE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_LARGE_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM:IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_RAW:IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ:IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_SZ:IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT:IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_RAW:IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_RAW_SZ:IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_SZ:IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging;BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_SMURF

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

Recommended action

No action is required.

 

ATK_ICMP_SMURF_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF_RAW:RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time a request is received.

Recommended action

No action is required.

 

ATK_ICMP_SMURF_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF_RAW_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time a request is received.

Recommended action

No action is required.

 

ATK_ICMP_SMURF_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF_SZ:SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--;Action(1049)=logging; BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses:

·     A broadcast or network address of A, B, or C class.

·     An IP address of D or E class.

·     The broadcast or network address of the network where the receiving interface resides.

Recommended action

No action is required.

 

ATK_ICMP_SOURCEQUENCH

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_SOURCEQUENCH:IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP source quench logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_SOURCEQUENCH_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_SOURCEQUENCH_RAW:IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.

Recommended action

No action is required.

 

ATK_ICMP_SOURCEQUENCH_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_SOURCEQUENCH_RAW_SZ:IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.

Recommended action

No action is required.

 

ATK_ICMP_SOURCEQUENCH_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_SOURCEQUENCH_SZ:IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP source quench logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_TIMEEXCEED

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.