H3C S7500E Release 7568 System Log Message Reference-6W100

HomeSupportResource CenterSwitchesH3C S7500E Switch SeriesH3C S7500E Switch SeriesTechnical DocumentsReference GuidesLog Message ReferencesH3C S7500E Release 7568 System Log Message Reference-6W100

 

S7500E System Log Messages Reference

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

H3C_彩色.emf

 


Contents

Introduction· 1

System log message format 1

Managing and obtaining system log messages· 3

Obtaining log messages from the console terminal 3

Obtaining log messages from a monitor terminal 3

Obtaining log messages from the log buffer 3

Obtaining log messages from the log file· 3

Obtaining log messages from a log host 4

Software module list 4

Using this document 6

AAA messages· 7

AAA_FAILURE· 7

AAA_LAUNCH·· 8

AAA_SUCCESS· 8

ACL messages· 8

ACL_ACCELERATE_NO_RES· 9

ACL_ACCELERATE_NONCONTIGUOUSMASK· 9

ACL_ACCELERATE_NOT_SUPPORT· 9

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP· 10

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG·· 10

ACL_ACCELERATE_UNK_ERR·· 10

ACL_IPV6_STATIS_INFO·· 11

ACL_NO_MEM·· 11

ACL_STATIS_INFO·· 11

ANCP messages· 11

ANCP_INVALID_PACKET· 12

APMGR messages· 12

APMGR_AC_MEM_ALERT· 12

APMGR_ADD_AP_FAIL· 13

APMGR_ADDBAC_INFO·· 13

APMGR_AP_OFFLINE· 13

APMGR_AP_ONLINE· 14

APMGR_CWC_IMG_DOWNLOAD_COMPLETE· 14

APMGR_CWC_IMG_DOWNLOAD_START· 14

APMGR_CWC_IMG_NO_ENOUGH_SPACE· 15

APMGR_CWC_LOCAL_AC_DOWN·· 15

APMGR_CWC_LOCAL_AC_UP· 15

APMGR_CWC_REBOOT· 16

APMGR_CWC_RUN_DOWNLOAD_COMPLETE· 16

APMGR_CWC_RUN_DOWNLOAD_START· 16

APMGR_CWC_RUN_NO_ENOUGH_SPACE· 17

APMGR_CWC_TUNNEL_DOWN·· 17

APMGR_CWC_TUNNEL_UP· 18

APMGR_CWS_IMG_DOWNLOAD_COMPLETE· 18

APMGR_CWS_IMG_DOWNLOAD_START· 18

APMGR_CWS_LOCAL_AC_DOWN·· 19

APMGR_CWS_LOCAL_AC_UP· 19

APMGR_CWS_RUN_DOWNLOAD_COMPLETE· 20

APMGR_CWS_RUN_DOWNLOAD_START· 20

APMGR_CWS_TUNNEL_DOWN·· 21

APMGR_CWS_TUNNEL_UP· 21

APMGR_DELBAC_INFO·· 22

APMGR_LOCAL_AC_OFFLINE· 22

APMGR_LOCAL_AC_ONLINE· 22

ARP messages· 22

ARP_ACTIVE_ACK_NO_REPLY· 23

ARP_ACTIVE_ACK_NOREQUESTED_REPLY· 23

ARP_BINDRULETOHW_FAILED·· 24

ARP_DETECTION_LOG·· 24

ARP_DUPLICATE_IPADDR_DETECT· 25

ARP_DYNAMIC·· 25

ARP_DYNAMIC_IF· 26

ARP_DYNAMIC_SLOT· 26

ARP_ENTRY_CONFLICT· 27

ARP_HOST_IP_CONFLICT· 27

ARP_LOCALPROXY_ENABLE_FAILED·· 28

ARP_RATE_EXCEEDED·· 28

ARP_RATELIMIT_NOTSUPPORT· 29

ARP_SENDER_IP_INVALID·· 29

ARP_SENDER_MAC_INVALID·· 30

ARP_SENDER_SMACCONFLICT· 30

ARP_SENDER_SMACCONFLICT_VSI 31

ARP_SRC_MAC_FOUND_ATTACK· 31

ARP_SUP_ENABLE_FAILED·· 32

ARP_TARGET_IP_INVALID·· 32

ARP_THRESHOLD_REACHED·· 32

DUPIFIP· 33

DUPIP· 33

DUPVRRPIP· 33

ATK messages· 34

ATK_ICMP_ADDRMASK_REQ·· 34

ATK_ICMP_ADDRMASK_REQ_RAW·· 35

ATK_ICMP_ADDRMASK_REQ_RAW_SZ· 36

ATK_ICMP_ADDRMASK_REQ_SZ· 37

ATK_ICMP_ADDRMASK_RPL· 38

ATK_ICMP_ADDRMASK_RPL_RAW·· 39

ATK_ICMP_ADDRMASK_RPL_RAW_SZ· 40

ATK_ICMP_ADDRMASK_RPL_SZ· 41

ATK_ICMP_ECHO_REQ·· 42

ATK_ICMP_ECHO_REQ_RAW·· 43

ATK_ICMP_ECHO_REQ_RAW_SZ· 44

ATK_ICMP_ECHO_REQ_SZ· 45

ATK_ICMP_ECHO_RPL· 46

ATK_ICMP_ECHO_RPL_RAW·· 47

ATK_ICMP_ECHO_RPL_RAW_SZ· 48

ATK_ICMP_ECHO_RPL_SZ· 49

ATK_ICMP_FLOOD·· 50

ATK_ICMP_FLOOD_SZ· 50

ATK_ICMP_INFO_REQ·· 51

ATK_ICMP_INFO_REQ_RAW·· 52

ATK_ICMP_INFO_REQ_RAW_SZ· 53

ATK_ICMP_INFO_REQ_SZ· 54

ATK_ICMP_INFO_RPL· 55

ATK_ICMP_INFO_RPL_RAW·· 56

ATK_ICMP_INFO_RPL_RAW_SZ· 57

ATK_ICMP_INFO_RPL_SZ· 58

ATK_ICMP_LARGE· 59

ATK_ICMP_LARGE_RAW·· 59

ATK_ICMP_LARGE_RAW_SZ· 60

ATK_ICMP_LARGE_SZ· 60

ATK_ICMP_PARAPROBLEM·· 61

ATK_ICMP_PARAPROBLEM_RAW·· 62

ATK_ICMP_PARAPROBLEM_RAW_SZ· 63

ATK_ICMP_PARAPROBLEM_SZ· 64

ATK_ICMP_PINGOFDEATH·· 65

ATK_ICMP_PINGOFDEATH_RAW·· 66

ATK_ICMP_PINGOFDEATH_RAW_SZ· 66

ATK_ICMP_PINGOFDEATH_SZ· 67

ATK_ICMP_REDIRECT· 68

ATK_ICMP_REDIRECT_RAW·· 69

ATK_ICMP_REDIRECT_RAW_SZ· 70

ATK_ICMP_REDIRECT_SZ· 71

ATK_ICMP_SMURF· 72

ATK_ICMP_SMURF_RAW·· 73

ATK_ICMP_SMURF_RAW_SZ· 74

ATK_ICMP_SMURF_SZ· 75

ATK_ICMP_SOURCEQUENCH·· 76

ATK_ICMP_SOURCEQUENCH_RAW·· 77

ATK_ICMP_SOURCEQUENCH_RAW_SZ· 78

ATK_ICMP_SOURCEQUENCH_SZ· 79

ATK_ICMP_TIMEEXCEED·· 80

ATK_ICMP_TIMEEXCEED_RAW·· 81

ATK_ICMP_TIMEEXCEED_RAW_SZ· 82

ATK_ICMP_TIMEEXCEED_SZ· 83

ATK_ICMP_TRACEROUTE· 84

ATK_ICMP_TRACEROUTE_RAW·· 84

ATK_ICMP_TRACEROUTE_RAW_SZ· 85

ATK_ICMP_TRACEROUTE_SZ· 85

ATK_ICMP_TSTAMP_REQ·· 86

ATK_ICMP_TSTAMP_REQ_RAW·· 87

ATK_ICMP_TSTAMP_REQ_RAW_SZ· 88

ATK_ICMP_TSTAMP_REQ_SZ· 89

ATK_ICMP_TSTAMP_RPL· 90

ATK_ICMP_TSTAMP_RPL_RAW·· 91

ATK_ICMP_TSTAMP_RPL_RAW_SZ· 92

ATK_ICMP_TSTAMP_RPL_SZ· 93

ATK_ICMP_TYPE· 94

ATK_ICMP_TYPE_RAW·· 95

ATK_ICMP_TYPE_RAW_SZ· 96

ATK_ICMP_TYPE_SZ· 97

ATK_ICMP_UNREACHABLE· 98

ATK_ICMP_UNREACHABLE_RAW·· 99

ATK_ICMP_UNREACHABLE_RAW_SZ· 100

ATK_ICMP_UNREACHABLE_SZ· 101

ATK_ICMPV6_DEST_UNREACH·· 102

ATK_ICMPV6_DEST_UNREACH_RAW·· 103

ATK_ICMPV6_DEST_UNREACH_RAW_SZ· 103

ATK_ICMPV6_DEST_UNREACH_SZ· 104

ATK_ICMPV6_ECHO_REQ·· 105

ATK_ICMPV6_ECHO_REQ_RAW·· 106

ATK_ICMPV6_ECHO_REQ_RAW_SZ· 106

ATK_ICMPV6_ECHO_REQ_SZ· 107

ATK_ICMPV6_ECHO_RPL· 108

ATK_ICMPV6_ECHO_RPL_RAW·· 109

ATK_ICMPV6_ECHO_RPL_RAW_SZ· 109

ATK_ICMPV6_ECHO_RPL_SZ· 110

ATK_ICMPV6_FLOOD·· 111

ATK_ICMPV6_FLOOD_SZ· 111

ATK_ICMPV6_GROUPQUERY· 112

ATK_ICMPV6_GROUPQUERY_RAW·· 113

ATK_ICMPV6_GROUPQUERY_RAW_SZ· 113

ATK_ICMPV6_GROUPQUERY_SZ· 114

ATK_ICMPV6_GROUPREDUCTION·· 115

ATK_ICMPV6_GROUPREDUCTION_RAW·· 116

ATK_ICMPV6_GROUPREDUCTION_RAW_SZ· 116

ATK_ICMPV6_GROUPREDUCTION_SZ· 117

ATK_ICMPV6_GROUPREPORT· 118

ATK_ICMPV6_GROUPREPORT_RAW·· 119

ATK_ICMPV6_GROUPREPORT_RAW_SZ· 119

ATK_ICMPV6_GROUPREPORT_SZ· 120

ATK_ICMPV6_LARGE· 121

ATK_ICMPV6_LARGE_RAW·· 121

ATK_ICMPV6_LARGE_RAW_SZ· 122

ATK_ICMPV6_LARGE_SZ· 122

ATK_ICMPV6_PACKETTOOBIG·· 123

ATK_ICMPV6_PACKETTOOBIG_RAW·· 124

ATK_ICMPV6_PACKETTOOBIG_RAW_SZ· 124

ATK_ICMPV6_PACKETTOOBIG_SZ· 125

ATK_ICMPV6_PARAPROBLEM·· 126

ATK_ICMPV6_PARAPROBLEM_RAW·· 127

ATK_ICMPV6_PARAPROBLEM_RAW_SZ· 127

ATK_ICMPV6_PARAPROBLEM_SZ· 128

ATK_ICMPV6_TIMEEXCEED·· 129

ATK_ICMPV6_TIMEEXCEED_RAW·· 130

ATK_ICMPV6_TIMEEXCEED_RAW_SZ· 130

ATK_ICMPV6_TIMEEXCEED_SZ· 131

ATK_ICMPV6_TRACEROUTE· 132

ATK_ICMPV6_TRACEROUTE_RAW·· 133

ATK_ICMPV6_TRACEROUTE_RAW_SZ· 134

ATK_ICMPV6_TRACEROUTE_SZ· 135

ATK_ICMPV6_TYPE· 136

ATK_ICMPV6_TYPE _RAW_SZ· 137

ATK_ICMPV6_TYPE_RAW·· 137

ATK_ICMPV6_TYPE_SZ· 138

ATK_IP_OPTION·· 139

ATK_IP_OPTION_RAW·· 140

ATK_IP_OPTION_RAW_SZ· 141

ATK_IP_OPTION_SZ· 142

ATK_IP4_ACK_FLOOD·· 143

ATK_IP4_ACK_FLOOD_SZ· 143

ATK_IP4_DIS_PORTSCAN·· 144

ATK_IP4_DIS_PORTSCAN_SZ· 144

ATK_IP4_DNS_FLOOD·· 145

ATK_IP4_DNS_FLOOD_SZ· 145

ATK_IP4_FIN_FLOOD·· 146

ATK_IP4_FIN_FLOOD_SZ· 146

ATK_IP4_FRAGMENT· 147

ATK_IP4_FRAGMENT_RAW·· 148

ATK_IP4_FRAGMENT_RAW_SZ· 149

ATK_IP4_FRAGMENT_SZ· 150

ATK_IP4_HTTP_FLOOD·· 151

ATK_IP4_HTTP_FLOOD_SZ· 151

ATK_IP4_IMPOSSIBLE· 152

ATK_IP4_IMPOSSIBLE_RAW·· 153

ATK_IP4_IMPOSSIBLE_RAW_SZ· 154

ATK_IP4_IMPOSSIBLE_SZ· 155

ATK_IP4_IPSWEEP· 156

ATK_IP4_IPSWEEP_SZ· 156

ATK_IP4_PORTSCAN·· 157

ATK_IP4_PORTSCAN_SZ· 157

ATK_IP4_RST_FLOOD·· 158

ATK_IP4_RST_FLOOD_SZ· 158

ATK_IP4_SYN_FLOOD·· 159

ATK_IP4_SYN_FLOOD_SZ· 159

ATK_IP4_SYNACK_FLOOD·· 160

ATK_IP4_SYNACK_FLOOD_SZ· 160

ATK_IP4_TCP_ALLFLAGS· 161

ATK_IP4_TCP_ALLFLAGS_RAW·· 162

ATK_IP4_TCP_ALLFLAGS_RAW_SZ· 162

ATK_IP4_TCP_ALLFLAGS_SZ· 163

ATK_IP4_TCP_FINONLY· 164

ATK_IP4_TCP_FINONLY_RAW·· 165

ATK_IP4_TCP_FINONLY_RAW_SZ· 165

ATK_IP4_TCP_FINONLY_SZ· 166

ATK_IP4_TCP_INVALIDFLAGS· 167

ATK_IP4_TCP_INVALIDFLAGS_RAW·· 168

ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ· 169

ATK_IP4_TCP_INVALIDFLAGS_SZ· 170

ATK_IP4_TCP_LAND·· 171

ATK_IP4_TCP_LAND_RAW·· 172

ATK_IP4_TCP_LAND_RAW_SZ· 172

ATK_IP4_TCP_LAND_SZ· 173

ATK_IP4_TCP_NULLFLAG·· 174

ATK_IP4_TCP_NULLFLAG_RAW·· 175

ATK_IP4_TCP_NULLFLAG_RAW_SZ· 175

ATK_IP4_TCP_NULLFLAG_SZ· 176

ATK_IP4_TCP_SYNFIN·· 177

ATK_IP4_TCP_SYNFIN_RAW·· 178

ATK_IP4_TCP_SYNFIN_RAW_SZ· 178

ATK_IP4_TCP_SYNFIN_SZ· 179

ATK_IP4_TCP_WINNUKE· 180

ATK_IP4_TCP_WINNUKE_RAW·· 181

ATK_IP4_TCP_WINNUKE_RAW_SZ· 182

ATK_IP4_TCP_WINNUKE_SZ· 183

ATK_IP4_TEARDROP· 184

ATK_IP4_TEARDROP_RAW·· 185

ATK_IP4_TEARDROP_RAW_SZ· 186

ATK_IP4_TEARDROP_SZ· 187

ATK_IP4_TINY_FRAGMENT· 188

ATK_IP4_TINY_FRAGMENT_RAW·· 189

ATK_IP4_TINY_FRAGMENT_RAW_SZ· 190

ATK_IP4_TINY_FRAGMENT_SZ· 191

ATK_IP4_UDP_BOMB· 192

ATK_IP4_UDP_BOMB_RAW·· 193

ATK_IP4_UDP_BOMB_RAW_SZ· 194

ATK_IP4_UDP_BOMB_SZ· 195

ATK_IP4_UDP_FLOOD·· 196

ATK_IP4_UDP_FLOOD_SZ· 196

ATK_IP4_UDP_FRAGGLE· 197

ATK_IP4_UDP_FRAGGLE_RAW·· 198

ATK_IP4_UDP_FRAGGLE_RAW_SZ· 198

ATK_IP4_UDP_FRAGGLE_SZ· 199

ATK_IP4_UDP_SNORK· 200

ATK_IP4_UDP_SNORK_RAW·· 201

ATK_IP4_UDP_SNORK_RAW_SZ· 201

ATK_IP4_UDP_SNORK_SZ· 202

ATK_IP6_ACK_FLOOD·· 203

ATK_IP6_ACK_FLOOD_SZ· 203

ATK_IP6_DIS_PORTSCAN·· 204

ATK_IP6_DIS_PORTSCAN_SZ· 204

ATK_IP6_DNS_FLOOD·· 205

ATK_IP6_DNS_FLOOD_SZ· 205

ATK_IP6_FIN_FLOOD·· 206

ATK_IP6_FIN_FLOOD_SZ· 206

ATK_IP6_FRAGMENT· 207

ATK_IP6_FRAGMENT_RAW·· 208

ATK_IP6_FRAGMENT_RAW_SZ· 208

ATK_IP6_FRAGMENT_SZ· 209

ATK_IP6_HTTP_FLOOD·· 210

ATK_IP6_HTTP_FLOOD_SZ· 210

ATK_IP6_IMPOSSIBLE· 211

ATK_IP6_IMPOSSIBLE_RAW·· 212

ATK_IP6_IMPOSSIBLE_RAW_SZ· 213

ATK_IP6_IMPOSSIBLE_SZ· 214

ATK_IP6_IPSWEEP· 214

ATK_IP6_IPSWEEP_SZ· 215

ATK_IP6_PORTSCAN·· 215

ATK_IP6_PORTSCAN_SZ· 216

ATK_IP6_RST_FLOOD·· 216

ATK_IP6_RST_FLOOD_SZ· 217

ATK_IP6_SYN_FLOOD·· 217

ATK_IP6_SYN_FLOOD_SZ· 218

ATK_IP6_SYNACK_FLOOD·· 218

ATK_IP6_SYNACK_FLOOD_SZ· 219

ATK_IP6_TCP_ALLFLAGS· 219

ATK_IP6_TCP_ALLFLAGS_RAW·· 220

ATK_IP6_TCP_ALLFLAGS_RAW_SZ· 220

ATK_IP6_TCP_ALLFLAGS_SZ· 221

ATK_IP6_TCP_FINONLY· 222

ATK_IP6_TCP_FINONLY_RAW·· 222

ATK_IP6_TCP_FINONLY_RAW_SZ· 223

ATK_IP6_TCP_FINONLY_SZ· 223

ATK_IP6_TCP_INVALIDFLAGS· 224

ATK_IP6_TCP_INVALIDFLAGS_RAW·· 225

ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ· 226

ATK_IP6_TCP_INVALIDFLAGS_SZ· 227

ATK_IP6_TCP_LAND·· 228

ATK_IP6_TCP_LAND_RAW·· 228

ATK_IP6_TCP_LAND_RAW_SZ· 229

ATK_IP6_TCP_LAND_SZ· 229

ATK_IP6_TCP_NULLFLAG·· 230

ATK_IP6_TCP_NULLFLAG_RAW·· 230

ATK_IP6_TCP_NULLFLAG_RAW_SZ· 231

ATK_IP6_TCP_NULLFLAG_SZ· 231

ATK_IP6_TCP_SYNFIN·· 232

ATK_IP6_TCP_SYNFIN_RAW·· 232

ATK_IP6_TCP_SYNFIN_RAW_SZ· 233

ATK_IP6_TCP_SYNFIN_SZ· 233

ATK_IP6_TCP_WINNUKE· 234

ATK_IP6_TCP_WINNUKE_RAW·· 234

ATK_IP6_TCP_WINNUKE_RAW_SZ· 235

ATK_IP6_TCP_WINNUKE_SZ· 235

ATK_IP6_UDP_FLOOD·· 236

ATK_IP6_UDP_FLOOD_SZ· 236

ATK_IP6_UDP_FRAGGLE· 237

ATK_IP6_UDP_FRAGGLE_RAW·· 237

ATK_IP6_UDP_FRAGGLE_RAW_SZ· 238

ATK_IP6_UDP_FRAGGLE_SZ· 238

ATK_IP6_UDP_SNORK· 239

ATK_IP6_UDP_SNORK_RAW·· 239

ATK_IP6_UDP_SNORK_RAW_SZ· 240

ATK_IP6_UDP_SNORK_SZ· 240

ATK_IPOPT_ABNORMAL· 241

ATK_IPOPT_ABNORMAL_RAW·· 242

ATK_IPOPT_ABNORMAL_RAW_SZ· 243

ATK_IPOPT_ABNORMAL_SZ· 244

ATK_IPOPT_LOOSESRCROUTE· 245

ATK_IPOPT_LOOSESRCROUTE_RAW·· 246

ATK_IPOPT_LOOSESRCROUTE_RAW_SZ· 247

ATK_IPOPT_LOOSESRCROUTE_SZ· 248

ATK_IPOPT_RECORDROUTE· 249

ATK_IPOPT_RECORDROUTE_RAW·· 250

ATK_IPOPT_RECORDROUTE_RAW_SZ· 251

ATK_IPOPT_RECORDROUTE_SZ· 252

ATK_IPOPT_ROUTEALERT· 253

ATK_IPOPT_ROUTEALERT_RAW·· 254

ATK_IPOPT_ROUTEALERT_RAW_SZ· 255

ATK_IPOPT_ROUTEALERT_SZ· 256

ATK_IPOPT_SECURITY· 257

ATK_IPOPT_SECURITY_RAW·· 258

ATK_IPOPT_SECURITY_RAW_SZ· 259

ATK_IPOPT_SECURITY_SZ· 260

ATK_IPOPT_STREAMID·· 261

ATK_IPOPT_STREAMID_RAW·· 262

ATK_IPOPT_STREAMID_RAW_SZ· 263

ATK_IPOPT_STREAMID_SZ· 264

ATK_IPOPT_STRICTSRCROUTE· 265

ATK_IPOPT_STRICTSRCROUTE_RAW·· 266

ATK_IPOPT_STRICTSRCROUTE_RAW_SZ· 267

ATK_IPOPT_STRICTSRCROUTE_SZ· 268

ATK_IPOPT_TIMESTAMP· 269

ATK_IPOPT_TIMESTAMP_RAW·· 270

ATK_IPOPT_TIMESTAMP_RAW_SZ· 271

ATK_IPOPT_TIMESTAMP_SZ· 272

ATK_IPV6_EXT_HEADER·· 273

ATK_IPV6_EXT_HEADER_RAW·· 274

ATK_IPV6_EXT_HEADER_RAW_SZ· 274

ATK_IPV6_EXT_HEADER_SZ· 275

ATM·· 275

ATM_PVCDOWN·· 276

ATM_PVCUP· 277

BFD messages· 277

BFD_CHANGE_FSM·· 277

BFD_REACHED_UPPER_LIMIT· 278

BGP messages· 278

BGP_EXCEED_ROUTE_LIMIT· 278

BGP_REACHED_THRESHOLD·· 279

BGP_LOG_ROUTE_FLAP· 279

BGP_MEM_ALERT· 280

BGP_PEER_LICENSE_REACHED·· 280

BGP_ROUTE_LICENSE_REACHED·· 280

BGP_STATE_CHANGED·· 281

BLS messages· 281

BLS_ENTRY_ADD·· 281

BLS_ENTRY_DEL· 282

BLS_IPV6_ENTRY_ADD·· 282

BLS_IPV6_ENTRY_DEL· 283

CFD messages· 283

CFD_CROSS_CCM·· 283

CFD_ERROR_CCM·· 284

CFD_LOST_CCM·· 284

CFD_RECEIVE_CCM·· 285

CFGMAN messages· 285

CFGMAN_ARCHIVE_SCP_FAIL· 285

CFGMAN_CFGCHANGED·· 286

CFGMAN_EXIT_FROM_CONFIGURE· 286

CFGMAN_OPTCOMPLETION·· 287

CONNLMT messages· 288

CONNLMT_IPV4_OVERLOAD·· 288

CONNLMT_IPV4_RECOVER·· 289

CONNLMT_IPV6_OVERLOAD·· 290

CONNLMT_IPV6_RECOVER·· 291

DEV messages· 291

BOARD_INSERTED·· 292

BOARD_REBOOT· 292

BOARD_REMOVED·· 293

BOARD_STATE_FAULT· 293

BOARD_STATE_NORMAL· 294

BOARD_STATE_STARTING·· 294

CFCARD_INSERTED·· 295

CFCARD_REMOVED·· 295

CHASSIS_REBOOT· 296

DEV_CLOCK_CHANGE· 296

DEV_FAULT_TOOLONG·· 296

DYINGGASP· 297

FAN_ABSENT· 297

FAN_DIRECTION_NOT_PREFERRED·· 298

FAN_FAILED·· 298

FAN_RECOVERED·· 299

MAD_DETECT· 299

POWER_ABSENT· 300

POWER_FAILED·· 300

POWER_MONITOR_ABSENT· 301

POWER_MONITOR_FAILED·· 301

POWER_MONITOR_RECOVERED·· 302

POWER_RECOVERED·· 302

RPS_ABSENT· 303

RPS_NORMAL· 303

SUBCARD_FAULT· 304

SUBCARD_INSERTED·· 305

SUBCARD_REBOOT· 306

SUBCARD_REMOVED·· 307

SYSTEM_REBOOT· 307

TEMPERATURE_ALARM·· 308

TEMPERATURE_LOW·· 309

TEMPERATURE_NORMAL· 310

TEMPERATURE_SHUTDOWN·· 311

TEMPERATURE_WARNING·· 312

VCHK_VERSION_INCOMPATIBLE· 313

DHCP· 313

DHCP_NOTSUPPORTED·· 313

DHCP_NORESOURCES· 313

DHCPR· 314

DHCPR_SERVERCHANGE· 314

DHCPR_SWITCHMASTER·· 314

DHCPS messages· 314

DHCPS_ALLOCATE_IP· 315

DHCPS_CONFLICT_IP· 315

DHCPS_EXTEND_IP· 316

DHCPS_FILE· 316

DHCPS_RECLAIM_IP· 316

DHCPS_VERIFY_CLASS· 317

DHCPS6 messages· 317

DHCPS6_ALLOCATE_ADDRESS· 317

DHCPS6_ALLOCATE_PREFIX· 318

DHCPS6_CONFLICT_ADDRESS· 318

DHCPS6_EXTEND_ADDRESS· 319

DHCPS6_EXTEND_PREFIX· 319

DHCPS6_FILE· 320

DHCPS6_RECLAIM_ADDRESS· 320

DHCPS6_RECLAIM_PREFIX· 321

DHCPSP4· 321

DHCPSP4_FILE· 321

DHCPSP6· 321

DHCPSP6_FILE· 322

DIAG messages· 322

CPU_MINOR_RECOVERY· 322

CPU_MINOR_THRESHOLD·· 322

CPU_SEVERE_RECOVERY· 323

CPU_SEVERE_THRESHOLD·· 323

MEM_ALERT· 324

MEM_BELOW_THRESHOLD·· 325

MEM_EXCEED_THRESHOLD·· 325

DLDP messages· 325

DLDP_AUTHENTICATION_FAILED·· 326

DLDP_LINK_BIDIRECTIONAL· 326

DLDP_LINK_SHUTMODECHG·· 327

DLDP_LINK_UNIDIRECTIONAL· 327

DLDP_NEIGHBOR_AGED·· 328

DLDP_NEIGHBOR_CONFIRMED·· 328

DLDP_NEIGHBOR_DELETED·· 329

DOT1X messages· 329

DOT1X_CONFIG_NOTSUPPORT· 329

DOT1X_LOGIN_FAILURE· 330

DOT1X_LOGIN_SUCC·· 330

DOT1X_LOGIN_SUCC (in open mode) 331

DOT1X_LOGOFF· 331

DOT1X_LOGOFF (in open mode) 332

DOT1X_LOGOFF_ABNORMAL· 332

DOT1X_LOGOFF_ABNORMAL (in open mode) 333

DOT1X_MACBINDING_EXIST· 333

DOT1X_NOTENOUGH_EADFREEIP_RES· 334

DOT1X_NOTENOUGH_EADFREERULE_RES· 334

DOT1X_NOTENOUGH_EADMACREDIR_RES· 334

DOT1X_NOTENOUGH_EADPORTREDIR_RES· 335

DOT1X_NOTENOUGH_ENABLEDOT1X_RES· 335

DOT1X_PEXAGG_NOMEMBER_RES· 335

DOT1X_SMARTON_FAILURE· 336

DOT1X_UNICAST_NOT_EFFECTIVE· 336

DRNI 336

DRNI_IFEVENT_DR_BIND·· 337

DRNI_IFEVENT_DR_GLOBALDOWN·· 337

DRNI_IFEVENT_DR_GLOBALUP· 337

DRNI_IFEVENT_DR_NOSELECTED·· 338

DRNI_IFEVENT_DR_PEER_NOSELECTED·· 338

DRNI_IFEVENT_DR_PEER_SELECTED·· 338

DRNI_IFEVENT_DR_SELECTED·· 339

DRNI_IFEVENT_DR_UNBIND·· 339

DRNI_IFEVENT_IPP_BIND·· 339

DRNI_IFEVENT_IPP_DOWN·· 340

DRNI_IFEVENT_IPP_UNBIND·· 340

DRNI_IFEVENT_IPP_UP· 340

DRNI_IPP_BLOCK· 341

DRNI_IPP_UNBLOCK· 341

DRNI_KEEPALIVEINTERVAL_MISMATCH·· 341

DRNI_KEEPALIVELINK_DOWN·· 342

DRNI_KEEPALIVELINK_UP· 342

DRNI_SECONDARY_MADDOWN·· 342

DRNI_SYSEVENT_DEVICEROLE_CHANGE· 343

DRNI_SYSEVENT_MAC_CHANGE· 343

DRNI_SYSEVENT_NUMBER_CHANGE· 343

DRNI_SYSEVENT_PRIORITY_CHANGE· 344

EDEV messages· 344

EDEV_ALARM_IN_REMOVED·· 344

EDEV_ALARM_IN_REPORTEDOCCURRED·· 344

EDEV_BOOTROM_UPDATE_FAILED·· 345

EDEV_BOOTROM_UPDATE_SUCCESS· 345

EDEV_FAILOVER_GROUP_STATE_CHANGE· 345

ERPS messages· 345

ERPS_STATE_CHANGED·· 346

ETHOAM messages· 346

ETHOAM_CONNECTION_FAIL_DOWN·· 346

ETHOAM_CONNECTION_FAIL_TIMEOUT· 346

ETHOAM_CONNECTION_FAIL_UNSATISF· 347

ETHOAM_CONNECTION_SUCCEED·· 347

ETHOAM_DISABLE· 347

ETHOAM_DISCOVERY_EXIT· 348

ETHOAM_ENABLE· 348

ETHOAM_ENTER_LOOPBACK_CTRLLED·· 348

ETHOAM_ENTER_LOOPBACK_CTRLLING·· 349

ETHOAM_LOCAL_DYING_GASP· 349

ETHOAM_LOCAL_ERROR_FRAME· 349

ETHOAM_LOCAL_ERROR_FRAME_PERIOD·· 350

ETHOAM_LOCAL_ERROR_FRAME_SECOND·· 350

ETHOAM_LOCAL_ERROR_SYMBOL· 350

ETHOAM_LOCAL_LINK_FAULT· 351

ETHOAM_LOOPBACK_EXIT· 351

ETHOAM_LOOPBACK_EXIT_ERROR_STATU·· 351

ETHOAM_LOOPBACK_NO_RESOURCE· 352

ETHOAM_LOOPBACK_NOT_SUPPORT· 352

ETHOAM_QUIT_LOOPBACK_CTRLLED·· 352

ETHOAM_QUIT_LOOPBACK_CTRLLING·· 353

ETHOAM_REMOTE_CRITICAL· 353

ETHOAM_REMOTE_DYING_GASP· 353

ETHOAM_REMOTE_ERROR_FRAME· 354

ETHOAM_REMOTE_ERROR_FRAME_PERIOD·· 354

ETHOAM_REMOTE_ERROR_FRAME_SECOND·· 354

ETHOAM_REMOTE_ERROR_SYMBOL· 355

ETHOAM_REMOTE_EXIT· 355

ETHOAM_REMOTE_FAILURE_RECOVER·· 355

ETHOAM_REMOTE_LINK_FAULT· 356

ETHOAM_NO_ENOUGH_RESOURCE· 356

ETHOAM_NOT_CONNECTION_TIMEOUT· 356

EVB messages· 356

EVB_AGG_FAILED·· 357

EVB_LICENSE_EXPIRE· 357

EVB_VSI_OFFLINE· 357

EVB_VSI_ONLINE· 358

EVIISIS messages· 358

EVIISIS_LICENSE_EXPIRED·· 358

EVIISIS_LICENSE_EXPIRED_TIME· 358

EVIISIS_LICENSE_UNAVAILABLE· 359

EVIISIS_NBR_CHG·· 359

FCLINK messages· 359

FCLINK_FDISC_REJECT_NORESOURCE· 360

FCLINK_FLOGI_REJECT_NORESOURCE· 360

FCOE messages· 360

FCOE_INTERFACE_NOTSUPPORT_FCOE· 361

FCOE_LAGG_BIND_ACTIVE· 361

FCOE_LAGG_BIND_DEACTIVE· 362

FCZONE messages· 362

FCZONE_DISTRIBUTE_FAILED·· 363

FCZONE_HARDZONE_DISABLED·· 363

FCZONE_HARDZONE_ENABLED·· 364

FCZONE_ISOLATE_ALLNEIGHBOR·· 364

FCZONE_ISOLATE_CLEAR_VSAN·· 365

FCZONE_ISOLATE_CLEAR_ALLVSAN·· 365

FCZONE_ISOLATE_NEIGHBOR·· 365

FIB messages· 366

FIB_FILE· 366

FILTER messages· 366

FILTER_EXECUTION_ICMP· 367

FILTER_EXECUTION_ICMPV6· 367

FILTER_IPV4_EXECUTION·· 368

FILTER_IPV6_EXECUTION·· 369

FIPS messages· 369

FCOE_FIPS_HARD_RESOURCE_NOENOUGH·· 369

FCOE_FIPS_HARD_RESOURCE_RESTORE· 370

FS messages· 370

FS_UNFORMATTED_PARTITION·· 370

FTPD messages· 370

FTP_ACL_DENY· 370

FTPD_REACH_SESSION_LIMIT· 371

FTPD_AUTHOR_FAILED·· 371

HA messages· 371

HA_BATCHBACKUP_FINISHED·· 372

HA_BATCHBACKUP_STARTED·· 372

HA_STANDBY_NOT_READY· 372

HA_STANDBY_TO_MASTER·· 373

HQOS messages· 373

HQOS_DP_SET_FAIL· 373

HQOS_FP_SET_FAIL· 374

HQOS_POLICY_APPLY_FAIL· 374

HQOS_POLICY_APPLY_FAIL· 375

HTTPD messages· 375

HTTPD_CONNECT· 375

HTTPD_CONNECT_TIMEOUT· 376

HTTPD_DISCONNECT· 376

HTTPD_FAIL_FOR_ACL· 376

HTTPD_FAIL_FOR_ACP· 377

HTTPD_REACH_CONNECT_LIMIT· 377

IFNET messages· 377

IF_BUFFER_CONGESTION_OCCURRENCE· 378

IF_BUFFER_CONGESTION_CLEAR·· 378

IF_JUMBOFRAME_WARN·· 379

INTERFACE_NOTSUPPRESSED·· 379

INTERFACE_SUPPRESSED·· 379

LINK_UPDOWN·· 380

PHY_UPDOWN·· 380

PROTOCOL_UPDOWN·· 380

TUNNEL_LINK_UPDOWN·· 381

TUNNEL_PHY_UPDOWN·· 381

VLAN_MODE_CHANGE· 381

IKE messages· 381

IKE_P1_SA_ESTABLISH_FAIL· 382

IKE_P2_SA_ESTABLISH_FAIL· 382

IKE_P2_SA_TERMINATE· 383

IKE_VERIFY_CERT_FAIL· 383

Introduction· 384

System log message format 385

Managing and obtaining system log messages· 386

Obtaining log messages from the console terminal 387

Obtaining log messages from the log buffer 387

Obtaining log messages from a monitor terminal 387

Obtaining log messages from the log file· 387

Obtaining log messages from a log host 387

Software module list 387

Using this document 391

IPFW·· 392

IPFW_FAILURE· 393

IPSEC messages· 393

IPSEC_FAILED_ADD_FLOW_TABLE· 393

IPSEC_PACKET_DISCARDED·· 394

IPSEC_SA_ESTABLISH·· 394

IPSEC_SA_ESTABLISH_FAIL· 395

IPSEC_SA_INITINATION·· 395

IPSEC_SA_TERMINATE· 396

IPSG messages· 396

IPSG_ADDENTRY_ERROR·· 397

IPSG_DELENTRY_ERROR·· 398

IPSG_ADDEXCLUDEDVLAN_ERROR·· 399

IPSG_DELEXCLUDEDVLAN_ERROR·· 400

IRDP messages· 400

IRDP_EXCEED_ADVADDR_LIMIT· 400

IRF· 401

IRF_LINK_BLOCK· 401

IRF_LINK_DOWN·· 401

IRF_LINK_UP· 401

IRF_MEMBERID_CONFLICT· 402

IRF_MERGE· 402

IRF_MERGE_NEED_REBOOT· 402

IRF_MERGE_NOT_NEED_REBOOT· 403

ISIS messages· 403

ISIS_LSP_CONFLICT· 403

ISIS_MEM_ALERT· 403

ISIS_NBR_CHG·· 404

ISSU messages· 404

ISSU_LOAD_FAILED·· 404

ISSU_LOAD_SUCCESS· 404

ISSU_PROCESSWITCHOVER·· 405

ISSU_ROLLBACKCHECKNORMAL· 405

L2PT messages· 405

L2PT_SET_MULTIMAC_FAILED·· 405

L2PT_CREATE_TUNNELGROUP_FAILED·· 406

L2PT_ADD_GROUPMEMBER_FAILED·· 406

L2PT_ENABLE_DROP_FAILED·· 406

L2TP messages· 406

L2TPV2_TUNNEL_EXCEED_LIMIT· 407

L2TPV2_SESSION_EXCEED_LIMIT· 407

L2VPN messages· 407

L2VPN_BGPVC_CONFLICT_LOCAL· 408

L2VPN_BGPVC_CONFLICT_REMOTE· 408

L2VPN_HARD_RESOURCE_NOENOUGH·· 408

L2VPN_HARD_RESOURCE_RESTORE· 409

L2VPN_LABEL_DUPLICATE· 409

LAGG messages· 409

LAGG_ACTIVE· 410

LAGG_INACTIVE_AICFG·· 410

LAGG_INACTIVE_BFD·· 411

LAGG_INACTIVE_CONFIGURATION·· 411

LAGG_INACTIVE_DUPLEX· 412

LAGG_INACTIVE_HARDWAREVALUE· 412

LAGG_INACTIVE_LOWER_LIMIT· 412

LAGG_INACTIVE_PARTNER·· 413

LAGG_INACTIVE_PHYSTATE· 413

LAGG_INACTIVE_RESOURCE_INSUFICIE· 413

LAGG_INACTIVE_SPEED·· 414

LAGG_INACTIVE_UPPER_LIMIT· 414

LDP messages· 414

LDP_MPLSLSRID_CHG·· 415

LDP_SESSION_CHG·· 416

LDP_SESSION_GR·· 417

LDP_SESSION_SP· 417

License messages· 417

LIC_INIT· 418

LLDP messages· 418

LLDP_CREATE_NEIGHBOR·· 419

LLDP_DELETE_NEIGHBOR·· 419

LLDP_LESS_THAN_NEIGHBOR_LIMIT· 420

LLDP_NEIGHBOR_AGE_OUT· 420

LLDP_NEIGHBOR_PROTECTION_BLOCK· 421

LLDP_NEIGHBOR_PROTECTION_DOWN·· 421

LLDP_NEIGHBOR_PROTECTION_UNBLOCK· 422

LLDP_NEIGHBOR_PROTECTION_UP· 422

LLDP_PVID_INCONSISTENT· 422

LLDP_REACH_NEIGHBOR_LIMIT· 423

LOAD messages· 423

BOARD_LOADING·· 423

LOAD_FAILED·· 424

LOAD_FINISHED·· 424

LOGIN messages· 424

LOGIN_FAILED·· 425

LOGIN_ INVALID_USERNAME_PWD·· 425

LPDT messages· 425

LPDT_LOOPED·· 425

LPDT_RECOVERED·· 426

LPDT_VLAN_LOOPED·· 426

LPDT_VLAN_RECOVERED·· 426

LS messages· 426

LS_ADD_USER_TO_GROUP· 427

LS_AUTHEN_FAILURE· 427

LS_AUTHEN_SUCCESS· 427

LS_DEL_USER_FROM_GROUP· 428

LS_DELETE_PASSWORD_FAIL· 428

LS_PWD_ADDBLACKLIST· 428

LS_PWD_CHGPWD_FOR_AGEDOUT· 429

LS_PWD_CHGPWD_FOR_AGEOUT· 429

LS_PWD_CHGPWD_FOR_COMPOSITION·· 429

LS_PWD_CHGPWD_FOR_FIRSTLOGIN·· 430

LS_PWD_CHGPWD_FOR_LENGTH·· 430

LS_PWD_FAILED2WRITEPASS2FILE· 430

LS_PWD_MODIFY_FAIL· 431

LS_PWD_MODIFY_SUCCESS· 431

LS_REAUTHEN_FAILURE· 431

LS_UPDATE_PASSWORD_FAIL· 432

LS_USER_CANCEL· 432

LS_USER_PASSWORD_EXPIRE· 432

LS_USER_ROLE_CHANGE· 433

LSPV messages· 433

LSPV_PING_STATIS_INFO·· 433

MAC messages· 433

MAC_DRIVER_ADD_ENTRY· 434

MAC_TABLE_FULL_GLOBAL· 434

MAC_TABLE_FULL_PORT· 434

MAC_TABLE_FULL_VLAN·· 435

MAC_VLAN_LEARNLIMIT_NORESOURCE· 435

MAC_VLAN_LEARNLIMIT_NOTSUPPORT· 435

MACA messages· 435

MACA_ENABLE_NOT_EFFECTIVE· 436

MACA_LOGIN_FAILURE· 436

MACA_LOGIN_SUCC·· 437

MACA_LOGIN_SUCC (in open mode) 437

MACA_LOGOFF· 438

MACA_LOGOFF (in open mode) 438

MACSEC messages· 438

MACSEC_MKA_KEEPALIVE_TIMEOUT· 439

MACSEC_MKA_PRINCIPAL_ACTOR·· 439

MACSEC_MKA_SAK_REFRESH·· 439

MACSEC_MKA_SESSION_REAUTH·· 440

MACSEC_MKA_SESSION_SECURED·· 440

MACSEC_MKA_SESSION_START· 441

MACSEC_MKA_SESSION_STOP· 441

MACSEC_MKA_SESSION_UNSECURED·· 442

MBFD messages· 442

MBFD_TRACEROUTE_FAILURE· 442

MBUF messages· 442

MBUF_DATA_BLOCK_CREATE_FAIL· 443

MDC messages· 443

MDC_CREATE_ERR·· 444

MDC_CREATE· 444

MDC_DELETE· 444

MDC_KERNEL_EVENT_TOOLONG·· 445

MDC_LICENSE_EXPIRE· 445

MDC_NO_FORMAL_LICENSE· 445

MDC_NO_LICENSE_EXIT· 446

MDC_OFFLINE· 446

MDC_ONLINE· 446

MDC_STATE_CHANGE· 447

MFIB messages· 447

MFIB_MEM_ALERT· 447

MGROUP messages· 447

MGROUP_APPLY_SAMPLER_FAIL· 448

MGROUP_RESTORE_CPUCFG_FAIL· 448

MGROUP_RESTORE_IFCFG_FAIL· 449

MGROUP_SYNC_CFG_FAIL· 449

MPLS messages· 449

MPLS_HARD_RESOURCE_NOENOUGH·· 450

MPLS_HARD_RESOURCE_RESTORE· 450

MTLK messages· 450

MTLK_UPLINK_STATUS_CHANGE· 450

NAT messages· 451

NAT_ADDR_BIND_CONFLICT· 451

NAT_FAILED_ADD_FLOW_RULE· 451

NAT_FAILED_ADD_FLOW_TABLE· 452

NAT_FLOW·· 452

NAT_SERVICE_CARD_RECOVER_FAILURE· 453

NAT_SERVER_INVALID·· 454

ND messages· 454

ND_CONFLICT· 454

ND_DUPADDR·· 455

ND_HOST_IP_CONFLICT· 455

ND_MAC_CHECK· 455

ND_RAGUARD_DROP· 456

ND_SET_PORT_TRUST_NORESOURCE· 456

ND_SET_VLAN_REDIRECT_NORESOURCE· 456

NETCONF messages· 456

CLI 457

row-operation· 458

THREAD·· 458

NQA messages· 459

NQA_LOG_UNREACHABLE· 459

NTP messages· 459

NTP_CLOCK_CHANGE· 459

NTP_LEAP_CHANGE· 460

NTP_SOURCE_CHANGE· 460

NTP_SOURCE_LOST· 461

NTP_STRATUM_CHANGE· 461

OBJP messages· 461

OBJP_ACCELERATE_NO_RES· 462

OBJP_ACCELERATE_NOT_SUPPORT· 462

OBJP_ACCELERATE_UNK_ERR·· 462

OFP messages· 462

OFP_ACTIVE· 463

OFP_ACTIVE_FAILED·· 463

OFP_CONNECT· 463

OFP_FAIL_OPEN·· 464

OFP_FLOW_ADD·· 464

OFP_FLOW_ADD_ARP_FAILED·· 464

OFP_FLOW_ADD_DUP· 465

OFP_FLOW_ADD_FAILED·· 465

OFP_FLOW_ADD_FAILED·· 466

OFP_FLOW_ADD_TABLE_MISS· 466

OFP_FLOW_ADD_TABLE_MISS_FAILED·· 467

OFP_FLOW_DEL· 467

OFP_FLOW_DEL_L2VPN_DISABLE· 467

OFP_FLOW_DEL_TABLE_MISS· 468

OFP_FLOW_DEL_TABLE_MISS_FAILED·· 468

OFP_FLOW_DEL_VXLAN_DEL· 469

OFP_FLOW_MOD·· 469

OFP_FLOW_MOD_FAILED·· 470

OFP_FLOW_MOD_TABLE_MISS· 470

OFP_FLOW_MOD_TABLE_MISS_FAILED·· 471

OFP_FLOW_RMV_GROUP· 471

OFP_FLOW_RMV_HARDTIME· 471

OFP_FLOW_RMV_IDLETIME· 472

OFP_FLOW_RMV_METER·· 472

OFP_FLOW_UPDATE_FAILED·· 473

OFP_GROUP_ADD·· 473

OFP_GROUP_ADD_FAILED·· 474

OFP_GROUP_DEL· 474

OFP_GROUP_MOD·· 474

OFP_GROUP_MOD_FAILED·· 475

OFP_METER_ADD·· 475

OFP_METER_ADD_FAILED·· 475

OFP_METER_DEL· 476

OFP_METER_MOD·· 476

OFP_METER_MOD_FAILED·· 477

OFP_MISS_RMV_GROUP· 477

OFP_MISS_RMV_HARDTIME· 477

OFP_MISS_RMV_IDLETIME· 478

OFP_MISS_RMV_METER·· 478

OFP_RADARDETECTION·· 478

PORT_MOD·· 479

OPENSRC (FreeRADIUS) messages· 480

HUP event 480

Process restart event 481

Process start event 481

User authentication· 482

OPTMOD messages· 484

BIAS_HIGH·· 484

BIAS_LOW·· 485

BIAS_NORMAL· 485

CFG_ERR·· 485

CHKSUM_ERR·· 486

FIBER_SFP MODULE_INVALID·· 486

FIBER_SFPMODULE_NOWINVALID·· 486

IO_ERR·· 487

MOD_ALM_OFF· 487

MOD_ALM_ON·· 487

MODULE_IN·· 488

MODULE_OUT· 488

PHONY_MODULE· 488

RX_ALM_OFF· 489

RX_ALM_ON·· 489

RX_POW_HIGH·· 489

RX_POW_LOW·· 490

RX_POW_NORMAL· 490

TEMP_HIGH·· 490

TEMP_LOW·· 491

TEMP_NORMAL· 491

TX_ALM_OFF· 491

TX_ALM_ON·· 492

TX_POW_HIGH·· 492

TX_POW_LOW·· 492

TX_POW_NORMAL· 493

TYPE_ERR·· 493

VOLT_HIGH·· 493

VOLT_LOW·· 494

VOLT_NORMAL· 494

OSPF messages· 494

OSPF_DUP_RTRID_NBR·· 495

OSPF_IP_CONFLICT_INTRA· 495

OSPF_LAST_NBR_DOWN·· 496

OSPF_MEM_ALERT· 496

OSPF_NBR_CHG·· 497

OSPF_RT_LMT· 497

OSPF_RTRID_CHG·· 497

OSPF_RTRID_CONFLICT_INTER·· 498

OSPF_RTRID_CONFLICT_INTRA· 498

OSPF_VLINKID_CHG·· 498

OSPFV3 messages· 499

OSPFV3_LAST_NBR_DOWN·· 499

OSPFV3_MEM_ALERT· 499

OSPFV3_NBR_CHG·· 500

OSPFV3_RT_LMT· 500

PBB messages· 500

PBB_JOINAGG_WARNING·· 501

PBR messages· 501

PBR_HARDWARE_ERROR·· 501

PCE messages· 501

PCE_PCEP_SESSION_CHG·· 502

PEX messages (IRF 3) 502

PEX_ASSOCIATEID_MISMATCHING·· 503

PEX_CONFIG_ERROR·· 503

PEX_CONNECTION_ERROR·· 504

PEX_FORBID_STACK· 504

PEX_LINK_BLOCK· 505

PEX_LINK_DOWN·· 506

PEX_LINK_FORWARD·· 506

PEX_REG_JOININ·· 507

PEX_REG_LEAVE· 507

PEX_REG_REQUEST· 508

PEX_STACKCONNECTION_ERROR·· 508

PEX messages (IRF 3.1) 508

PEX_AUTOCONFIG_BAGG_ASSIGNMEMBER·· 509

PEX_AUTOCONFIG_BAGG_CREATE· 509

PEX_AUTOCONFIG_BAGG_NORESOURCE· 509

PEX_AUTOCONFIG_BAGG_REMOVEMEMBER·· 510

PEX_AUTOCONFIG_CAPABILITY_ENABLE· 510

PEX_AUTOCONFIG_CASCADELIMIT· 511

PEX_AUTOCONFIG_CONNECTION_ERROR·· 511

PEX_AUTOCONFIG_DIFFGROUPNUMBER·· 511

PEX_AUTOCONFIG_DYNAMICBAGG_STP· 512

PEX_AUTOCONFIG_GROUP_CREATE· 512

PEX_AUTOCONFIG_NONUMBERRESOURCE· 512

PEX_AUTOCONFIG_NOT_CASCADEPORT· 513

PEX_AUTOCONFIG_NUMBER_ASSIGN·· 513

PEX_LLDP_DISCOVER·· 514

PEX_MEMBERID_EXCEED·· 514

PEX_PECSP_OPEN_RCVD·· 514

PEX_PECSP_OPEN_SEND·· 515

PEX_PECSP_TIMEOUT· 515

PFILTER messages· 515

PFILTER_GLB_IPV4_DACT_NO_RES· 516

PFILTER_GLB_IPV4_DACT_UNK_ERR·· 516

PFILTER_GLB_IPV6_DACT_NO_RES· 517

PFILTER_GLB_IPV6_DACT_UNK_ERR·· 517

PFILTER_GLB_MAC_DACT_NO_RES· 518

PFILTER_GLB_MAC_DACT_UNK_ERR·· 518

PFILTER_GLB_NO_RES· 519

PFILTER_GLB_NOT_SUPPORT· 519

PFILTER_GLB_ RES_CONFLICT· 520

PFILTER_GLB_UNK_ERR·· 520

PFILTER_IF_IPV4_DACT_NO_RES· 521

PFILTER_IF_IPV4_DACT_UNK_ERR·· 521

PFILTER_IF_IPV6_DACT_NO_RES· 522

PFILTER_IF_IPV6_DACT_UNK_ERR·· 522

PFILTER_IF_MAC_DACT_NO_RES· 523

PFILTER_IF_MAC_DACT_UNK_ERR·· 523

PFILTER_IF_NO_RES· 524

PFILTER_IF_NOT_SUPPORT· 524

PFILTER_IF_RES_CONFLICT· 525

PFILTER_IF_UNK_ERR·· 525

PFILTER_IPV4_FLOW_INFO·· 526

PFILTER_IPV4_FLOW_STATIS· 526

PFILTER_IPV6_FLOW_INFO·· 527

PFILTER_IPV6_FLOW_STATIS· 527

PFILTER_IPV6_STATIS_INFO·· 528

PFILTER_MAC_FLOW_INFO·· 528

PFILTER_STATIS_INFO·· 529

PFILTER_VLAN_IPV4_DACT_NO_RES· 529

PFILTER_VLAN_IPV4_DACT_UNK_ERR·· 530

PFILTER_VLAN_IPV6_DACT_NO_RES· 530

PFILTER_VLAN_IPV6_DACT_UNK_ERR·· 531

PFILTER_VLAN_MAC_DACT_NO_RES· 531

PFILTER_VLAN_MAC_DACT_UNK_ERR·· 532

PFILTER_VLAN_NO_RES· 532

PFILTER_VLAN_NOT_SUPPORT· 533

PFILTER_VLAN_RES_CONFLICT· 533

PFILTER_VLAN_UNK_ERR·· 534

PIM messages· 534

PIM_NBR_DOWN·· 534

PIM_NBR_UP· 535

PING messages· 535

PING_STATISTICS· 535

PING_VPN_STATISTICS· 536

PKG messages· 536

PKG_BOOTLOADER_FILE_FAILED·· 536

PKG_BOOTLOADER_FILE_SUCCESS· 537

PKG_INSTALL_ACTIVATE_FAILED·· 537

PKG_INSTALL_ACTIVATE_SUCCESS· 537

PKI messages· 537

GET_CERT_FROM_CA_SERVER_FAIL· 538

IMPORT_CERT_FAIL· 538

REQUEST_CERT_FAIL· 540

REQUEST_CERT_SUCCESS· 540

RETRIEVE_CRL_FAIL· 541

VALIDATE_CERT_FAIL· 542

PKT2CPU messages· 543

PKT2CPU_NO_RESOURCE· 543

PKTCPT· 544

PKTCPT_AP_OFFLINE· 544

PKTCPT_AREADY_EXIT· 544

PKTCPT_CONN_FAIL· 545

PKTCPT_INVALID_FILTER·· 545

PKTCPT_LOGIN_DENIED·· 545

PKTCPT_MEMORY_ALERT· 546

PKTCPT_OPEN_FAIL· 546

PKTCPT_OPERATION_TIMEOUT· 546

PKTCPT_SERVICE_FAIL· 547

PKTCPT_UNKNOWN_ERROR·· 547

PKTCPT_UPLOAD_ERROR·· 547

PKTCPT_WRITE_FAIL· 548

Portal messages· 548

PORTAL_RULE_FAILED·· 548

PORTSEC messages· 549

PORTSEC_ACL_FAILURE· 549

PORTSEC_CAR_FAILURE· 549

PORTSEC_CREATEAC_FAILURE· 550

PORTSEC_LEARNED_MACADDR·· 550

PORTSEC_NTK_NOT_EFFECTIVE· 551

PORTSEC_PORTMODE_NOT_EFFECTIVE· 551

PORTSEC_PROFILE_FAILURE· 551

PORTSEC_URL_FAILURE· 552

PORTSEC_VIOLATION·· 552

PPP messages· 552

IPPOOL_ADDRESS_EXHAUSTED·· 553

PPP_USER_LOGON_SUCCESS· 553

PPP_USER_LOGON_FAILED·· 554

PPP_USER_LOGOFF· 554

PWDCTL messages· 555

ADDBLACKLIST· 555

CHANGEPASSWORD·· 556

FAILEDTOWRITEPWD·· 556

FAILEDTOOPENFILE· 556

NOENOUGHSPACE· 557

QOS messages· 557

MIRROR_SYNC_CFG_FAIL· 557

QOS_CAR_APPLYUSER_FAIL· 558

QOS_CBWFQ_REMOVED·· 558

QOS_GTS_APPLYUSER_FAIL· 559

QOS_NOT_ENOUGH_BANDWIDTH·· 559

QOS_POLICY_APPLYCOPP_CBFAIL· 560

QOS_POLICY_APPLYCOPP_FAIL· 560

QOS_POLICY_APPLYGLOBAL_CBFAIL· 561

QOS_POLICY_APPLYGLOBAL_FAIL· 561

QOS_POLICY_APPLYIF_CBFAIL· 562

QOS_POLICY_APPLYIF_FAIL· 562

QOS_POLICY_APPLYUSER_FAIL· 563

QOS_POLICY_APPLYVLAN_CBFAIL· 563

QOS_POLICY_APPLYVLAN_FAIL· 564

QOS_QMPROFILE_APPLYUSER_FAIL· 564

QOS_QMPROFILE_MODIFYQUEUE_FAIL· 565

WRED_TABLE_CFG_FAIL· 565

RADIUS messages· 565

RADIUS_AUTH_FAILURE· 566

RADIUS_AUTH_SUCCESS· 566

RADIUS_DELETE_HOST_FAIL· 566

RDDC messages· 566

RDDC_ACTIVENODE_CHANGE· 567

RESMON· 567

RESMON_MINOR·· 567

RESMON_MINOR_RECOVERY· 568

RESMON_SEVERE· 568

RESMON_SEVERE_RECOVERY· 569

RESMON_USEDUP· 569

RESMON_USEDUP_RECOVERY· 570

RIP messages· 570

RIP_MEM_ALERT· 570

RIP_RT_LMT· 570

RIPNG messages· 571

RIPNG_MEM_ALERT· 571

RIPNG_RT_LMT· 571

RM messages· 571

RM_ACRT_REACH_LIMIT· 572

RM_ACRT_REACH_THRESVALUE· 572

RM_THRESHLD_VALUE_REACH·· 572

RM_TOTAL_THRESHLD_VALUE_REACH·· 573

RPR messages· 573

RPR_EXCEED_MAX_SEC_MAC·· 573

RPR_EXCEED_MAX_SEC_MAC_OVER·· 573

RPR_EXCEED_MAX_STATION·· 574

RPR_EXCEED_MAX_STATION_OVER·· 574

RPR_EXCEED_RESERVED_RATE· 574

RPR_EXCEED_RESERVED_RATE_OVER·· 575

RPR_IP_DUPLICATE· 575

RPR_IP_DUPLICATE_OVER·· 575

RPR_JUMBO_INCONSISTENT· 576

RPR_JUMBO_INCONSISTENT_OVER·· 576

RPR_MISCABLING·· 576

RPR_MISCABLING_OVER·· 577

RPR_PROTECTION_INCONSISTENT· 577

RPR_PROTECTION_INCONSISTENT_OVER·· 577

RPR_SEC_MAC_DUPLICATE· 578

RPR_SEC_MAC_DUPLICATE_OVER·· 578

RPR_TOPOLOGY_INCONSISTENT· 578

RPR_TOPOLOGY_INCONSISTENT_OVER·· 579

RPR_TOPOLOGY_INSTABILITY· 579

RPR_TOPOLOGY_INSTABILITY_OVER·· 579

RPR_TOPOLOGY_INVALID·· 580

RPR_TOPOLOGY_INVALID_OVER·· 580

RRPP messages· 580

RRPP_RING_FAIL· 580

RRPP_RING_RESTORE· 581

RTM messages· 581

RTM_TCL_NOT_EXIST· 581

RTM_TCL_MODIFY· 581

RTM_TCL_LOAD_FAILED·· 582

SCM messages· 582

PROCESS_ABNORMAL· 582

PROCESS_ACTIVEFAILED·· 583

SCM_ABNORMAL_REBOOT· 583

SCM_ABNORMAL_REBOOTMDC·· 584

SCM_ABORT_RESTORE· 584

SCM_INSMOD_ADDON_TOOLONG·· 585

SCM_KERNEL_INIT_TOOLONG·· 585

SCM_PROCESS_STARTING_TOOLONG·· 586

SCM_PROCESS_STILL_STARTING·· 586

SCM_SKIP_PROCESS· 587

SCM_SKIP_PROCESS· 587

SCRLSP messages· 587

SCRLSP_LABEL_DUPLICATE· 588

SESSION messages· 588

SESSION_IPV4_FLOW·· 588

SESSION_IPV6_FLOW·· 590

SFLOW messages· 590

SFLOW_HARDWARE_ERROR·· 591

SHELL messages· 591

SHELL_CMD·· 591

SHELL_CMD_CONFIRM·· 591

SHELL_CMD_EXECUTEFAIL· 592

SHELL_CMD_INPUT· 592

SHELL_CMD_INPUT_TIMEOUT· 592

SHELL_CMD_MATCHFAIL· 593

SHELL_CMDDENY· 593

SHELL_CMDFAIL· 593

SHELL_CRITICAL_CMDFAIL· 594

SHELL_LOGIN·· 594

SHELL_LOGOUT· 594

SLSP messages· 594

SLSP_LABEL_DUPLICATE· 595

SMLK messages· 595

SMLK_LINK_SWITCH·· 595

SNMP messages· 595

SNMP_ACL_RESTRICTION·· 596

SNMP_AUTHENTICATION_FAILURE· 596

SNMP_GET· 596

SNMP_NOTIFY· 597

SNMP_SET· 597

SNMP_USM_NOTINTIMEWINDOW·· 598

SSHC messages· 598

SSHC_ALGORITHM_MISMATCH·· 598

SSHC_AUTH_PASSWORD_FAIL· 599

SSHC_AUTH_PUBLICKEY_FAIL· 599

SSHC_CERT_VERIFY_FAIL· 599

SSHC_CONNECT_FAIL· 601

SSHC_DECRYPT_FAIL· 601

SSHC_DISCONNECT· 601

SSHC_ENCRYPT_FAIL· 602

SSHC_HOST_NAME_ERROR·· 602

SSHC_KEY_EXCHANGE_FAIL· 602

SSHC_MAC_ERROR·· 603

SSHC_PUBLICKEY_NOT_EXIST· 603

SSHC_VERSION_MISMATCH·· 603

SSHS messages· 603

SSHS_ACL_DENY· 604

SSHS_ALGORITHM_MISMATCH·· 604

SSHS_AUTH_EXCEED_RETRY_TIMES· 604

SSHS_AUTH_FAIL· 605

SSHS_AUTH_TIMEOUT· 605

SSHC_CERT_VERIFY_FAIL· 605

SSHS_CONNECT· 607

SSHS_DECRYPT_FAIL· 607

SSHS_DISCONNECT· 607

SSHS_ENCRYPT_FAIL· 608

SSHS_LOG·· 608

SSHS_MAC_ERROR·· 608

SSHS_REACH_SESSION_LIMIT· 609

SSHS_REACH_USER_LIMIT· 609

SSHS_SCP_OPER·· 609

SSHS_SFTP_OPER·· 610

SSHS_SRV_UNAVAILABLE· 610

SSHS_VERSION_MISMATCH·· 610

STAMGR messages· 611

STAMGR_ADD_FAILVLAN·· 611

STAMGR_ADDBAC_INFO·· 611

STAMGR_ADDSTA_INFO·· 611

STAMGR_AUTHORACL_FAILURE· 612

STAMGR_AUTHORUSERPROFILE_FAILURE· 612

STAMGR_CLIENT_OFFLINE· 613

STAMGR_CLIENT_ONLINE· 613

STAMGR_DELBAC_INFO·· 613

STAMGR_DELSTA_INFO·· 614

STAMGR_DOT1X_LOGIN_FAILURE· 614

STAMGR_DOT1X_LOGIN_SUCC·· 615

STAMGR_DOT1X_LOGOFF· 615

STAMGR_MACA_LOGIN_FAILURE· 616

STAMGR_MACA_LOGIN_SUCC·· 616

STAMGR_MACA_LOGOFF· 617

STAMGR_STAIPCHANGE_INFO·· 617

STAMGR_TRIGGER_IP· 618

STM messages· 618

STM_AUTO_UPDATE_FAILED·· 619

STM_AUTO_UPDATE_FAILED·· 620

STM_AUTO_UPDATE_FINISHED·· 620

STM_AUTO_UPDATE_FINISHED·· 621

STM_AUTO_UPDATING·· 621

STM_AUTO_UPDATING·· 621

STM_LINK_DOWN·· 622

STM_LINK_MERGE· 622

STM_LINK_TIMEOUT· 622

STM_LINK_UP· 622

STM_MERGE_NEED_REBOOT· 623

STM_MERGE_NOT_NEED_REBOOT· 623

STM_SAMEMAC·· 623

STM_SOMER_CHECK· 624

STP messages· 624

STP_BPDU_PROTECTION·· 624

STP_BPDU_RECEIVE_EXPIRY· 624

STP_CONSISTENCY_RESTORATION·· 625

STP_DETECTED_TC·· 625

STP_DISABLE· 625

STP_DISCARDING·· 626

STP_DISPUTE· 626

STP_ENABLE· 626

STP_FORWARDING·· 627

STP_LOOP_PROTECTION·· 627

STP_LOOPBACK_PROTECTION·· 627

STP_NOT_ROOT· 628

STP_NOTIFIED_TC·· 628

STP_PORT_TYPE_INCONSISTENCY· 628

STP_PVID_INCONSISTENCY· 629

STP_PVST_BPDU_PROTECTION·· 629

STP_ROOT_PROTECTION·· 629

SYSLOG messages· 629

SYSLOG_LOGFILE_FULL· 630

SYSLOG_NO_SPACE· 630

SYSLOG_RESTART· 630

SYSLOG_RTM_EVENT_BUFFER_FULL· 631

TACACS messages· 631

TACACS_AUTH_FAILURE· 631

TACACS_AUTH_SUCCESS· 631

TACACS_DELETE_HOST_FAIL· 632

TELNETD messages· 632

TELNETD_ACL_DENY· 632

TELNETD_REACH_SESSION_LIMIT· 633

TRILL messages· 633

TRILL_DUP_SYSTEMID·· 633

TRILL_INTF_CAPABILITY· 634

TRILL_LICENSE_EXPIRED·· 634

TRILL_LICENSE_EXPIRED_TIME· 634

TRILL_LICENSE_UNAVAILABLE· 635

TRILL_MEM_ALERT· 635

TRILL_NBR_CHG·· 635

VCF messages· 636

VCF_AGGR_CREAT· 636

VCF_AGGR_DELETE· 636

VCF_AGGR_FAILED·· 637

VCF_AUTO_ANALYZE_USERDEF· 637

VCF_AUTO_NO_USERDEF· 637

VCF_AUTO_START· 638

VCF_AUTO_STATIC_CMD·· 638

VCF_BGP· 638

VCF_DOWN_LINK· 639

VCF_GET_IMAGE· 639

VCF_GET_TEMPLATE· 640

VCF_INSTALL_IMAGE· 640

VCF_IRF_FINISH·· 640

VCF_IRF_FOUND·· 641

VCF_IRF_REBOOT· 641

VCF_IRF_START· 642

VCF_LOOPBACK_START· 642

VCF_LOOPBACK_START_FAILED·· 643

VCF_LOOPBACK_ALLOC·· 643

VCF_LOOPBACK_NO_FREE_IP· 644

VCF_LOOPBACK_RECLAIM·· 644

VCF_REBOOT· 644

VCF_SKIP_INSTALL· 645

VCF_STATIC_CMD_ERROR·· 645

VCF_UP_LINK· 645

VLAN messages· 646

VLAN_CREATEVLAN_NO_ENOUGH_RESOUR·· 646

VLAN_FAILED·· 646

VLAN_VLANMAPPING_FAILED·· 646

VLAN_VLANTRANSPARENT_FAILED·· 647

VRRP messages· 647

VRRP_STATUS_CHANGE· 648

VRRP_VF_STATUS_CHANGE· 649

VRRP_VMAC_INEFFECTIVE· 649

VSRP messages· 649

VSRP_BIND_FAILED·· 650

VXLAN messages· 650

VXLAN_LICENSE_UNAVAILABLE· 650

WIPS messages· 650

APFLOOD·· 650

AP_CHANNEL_CHANGE· 651

ASSOCIATEOVERFLOW·· 651

HONEYPOT· 651

HTGREENMODE· 652

MAN_IN_MIDDLE· 652

WIPS_DOS· 652

WIPS_FLOOD·· 653

WIPS_MALF· 654

WIPS_SPOOF· 654

WIPS_WEAKIV· 655

WIRELESSBRIDGE· 655

 


Introduction

This document includes the following system messages:

·     Messages specific to Release 7568 of the switch.

·     Messages for the Comware 7 software platform version based on which Release 7568 was produced. Some platform system messages might not be available on the switch.

This document is intended only for managing 7500E switches. Do not use this document for any other device models.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

·     Log host:

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

·     Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

Table 1 System log message elements

Element

Description

<PRI>

Priority identifier. It is calculated by using the following formula:

Priority identifier=facilityx8+severity

Where:

·     Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages.

·     Severity represents the importance of the message. For more information about severity levels, see Table 2.

Prefix

Message type identifier. This element is contained in the system log messages sent to non-log host destinations.

The element uses the following symbols to indicate message severity:

·     Percentage sign (%)—Informational and higher levels.

·     Asterisk (*)—Debug level.

TIMESTAMP

Date and time when the event occurred.

The following are commands for configuring the timestamp format:

·     Log host—Use the info-center timestamp loghost command.

·     Non-log host destinations—Use the info-center timestamp command.

Sysname

Name or IP address of the device that generated the message.

%%vendor

Manufacturer flag. This element is %%10 for H3C.

This element is only available in messages sent to the log host.

MODULE

Name of the module that produced the message.

severity

Severity level of the message. (For more information about severity levels, see Table 2.)

MNEMONIC

Text string that uniquely identifies the system message. The maximum length is 32 characters.

location

Optional. This element presents location information for the message in the following format:

-attribute1=x-attribute2=y…-attributeN=z

This element is separated from the message description by using a semicolon (;).

CONTENT

Text string that contains detailed information about the event or error.

For variable fields in this element, this document uses the representations in Table 3.

 

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 2.

Table 2 System log message severity levels

Level

Severity

Description

0

Emergency

The system is unusable. For example, the system authorization has expired.

1

Alert

Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.

2

Critical

Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.

3

Error

Error condition. For example, the link state changes or a storage card is unplugged.

4

Warning

Warning condition. For example, an interface is disconnected, or the memory resources are used up.

5

Notification

Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.

6

Informational

Informational message. For example, a command or a ping operation is executed.

7

Debug

Debugging message.

 

For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.

Table 3 Variable field representations

Representation

Information type

INT16

Signed 16-bit decimal number.

UINT16

Unsigned 16-bit decimal number.

INT32

Signed 32-bit decimal number.

UINT32

Unsigned 32-bit decimal number.

INT64

Signed 64-bit decimal number.

UINT64

Unsigned 64-bit decimal number.

DOUBLE

Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER].

HEX

Hexadecimal number.

CHAR

Single character.

STRING

Character string.

IPADDR

IP address.

MAC

MAC address.

DATE

Date.

TIME

Time.

 

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, log buffer, monitor terminal, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the network management and monitoring configuration guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:

·     To display log messages on the monitor terminal, you must configure the terminal monitor command.

·     For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

 

 

NOTE:

Settings for the terminal logging level and info-center source commands take effect only on the current login session. The default settings for the commands restore at a relogin.

 

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.

To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.

By default, you can obtain the log file from the cfa0:/logfile/ path if the CF card is not partitioned. If the CF card is partitioned, the file path is cfa1:/logfile/.

To view the contents of the log file on the device, use the more command.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.

Software module list

Table 9 lists all software modules that might produce system log messages. This document uses "OPENSRC" to represent all open source modules.

Table 4 Software module list

Module name representation

Module name expansion

AAA

Authentication, Authorization and Accounting

ACL

Access Control List

APMGR

Access Point Management

ARP

Address Resolution Protocol

BFD

Bidirectional Forwarding Detection

BGP

Border Gateway Protocol

CFD

Connectivity Fault Detection

CM

Configuration Management

DEV

Device Management

DIAG

Diagnosis

DLDP

Device Link Detection Protocol

ETHOAM

Ethernet Operation, Administration and Maintenance

EVIISIS

Ethernet Virtual Interconnect Intermediate System-to-Intermediate System

FCOE

Fibre Channel Over Ethernet

FCLINK

Fabre Channel Link

FCZONE

Fibre Channel Zone

FIPS

FIP Snooping

HA

High Availability

HTTPD

Hypertext Transfer Protocol Daemon

IFNET

Interface Net Management

IKE

Internet Key Exchange

IPSEC

IP Security

IRDP

ICMP Router Discovery Protocol

ISIS

Intermediate System-to-Intermediate System

L2VPN

Layer 2 VPN

LAGG

Link Aggregation

LDP

Label Distribution Protocol

LLDP

Link Layer Discovery Protocol

LOAD

Load Management

LOGIN

Login

LPDT

Loopback Detection

LS

Local Server

LSPV

LSP Verification

MAC

Media Access Control

MBFD

MPLS BFD

MDC

Multitenant Device Context

MFIB

Multicast Forwarding Information Base

MGROUP

Mirroring group

MPLS

Multiprotocol Label Switching

MSTP

Multiple Spanning Tree Protocol

MTLK

Monitor Link

ND

Neighbor Discovery

NQA

Network Quality Analyzer

NTP

Network Time Protocol

OPENSRC

Open Source

OPTMOD

Optical Module

OSPF

Open Shortest Path First

OSPFV3

Open Shortest Path First Version 3

PBB

Provider Backbone Bridge

PIM

Protocol Independent Multicast

PING

Packet Internet Groper

PKI

Public Key Infrastructure

PKT2CPU

Packet to CPU

PORTSEC

Port Security

PPP

Point to Point Protocol

PWDCTL

Password Control

QOS

Quality of Service

RADIUS

Remote Authentication Dial In User Service

RIP

Routing Information Protocol

RIPNG

Routing Information Protocol Next Generation

RM

Routing Management

SCM

Service Control Manager

SHELL

Shell

SMLK

Smart Link

SNMP

Simple Network Management Protocol

SSHS

Secure Shell Server

STAMGR

Station Management

STM

Stack Topology Management (IRF)

SYSLOG

System Log

TACACS

Terminal Access Controller Access Control System

TRILL

Transparent Interconnect of Lots of Links

VLAN

Virtual Local Area Network

VRRP

Virtual Router Redundancy Protocol

 

Using this document

This document categorizes system log messages by software module. The modules are ordered alphabetically. Except for OPENSRC, the system log messages for each module are listed in alphabetic order of their mnemonic names. The OPENSRC messages are unordered because they use the same mnemonic name (SYSLOG). For each OPENSRC message, the section title uses a short description instead of the mnemonic name.

This document explains messages in tables. Table 10 describes information provided in these tables.

Table 5 Message explanation table contents

Item

Content

Example

Message text

Presents the message description.

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

Briefly describes the variable fields in the order that they appear in the message text.

The variable fields are numbered in the "$Number" form to help you identify their location in the message text.

$1: ACL number.

$2: ID and content of an ACL rule.

$3: Number of packets that matched the rule.

Severity level

Provides the severity level of the message.

6

Example

Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings.

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

Explains the message, including the event or error cause.

Number of packets that matched an ACL rule. This message is sent when the packet counter changes.

Recommended action

Provides recommended actions. For informational messages, no action is required.

No action is required.

 

AAA messages

This section contains AAA messages.

AAA_FAILURE

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

5

Example

AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.

Explanation

An AAA request was rejected.

The following are the common reasons:

·     No response was received from the server.

·     The username or password was incorrect.

·     The service type that the user applied for was incorrect.

Recommended action

1.     Verify that the device is correctly connected to the server.

2.     Enter the correct username and password.

3.     Verify that the server settings are the same as the settings on the device.

4.     If the problem persists, contact H3C Support.

 

AAA_LAUNCH

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

6

Example

AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.

Explanation

An AAA request was received.

Recommended action

No action is required.

 

AAA_SUCCESS

Message text

-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.

Variable fields

$1: AAA type.

$2: AAA scheme.

$3: Service.

$4: Username.

Severity level

6

Example

AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.

Explanation

An AAA request was accepted.

Recommended action

No action is required.

 

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text

Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.

Explanation

Hardware resources were insufficient for accelerating an ACL.

Recommended action

Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

 

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text

Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.

Explanation

ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_NOT_SUPPORT

Message text

Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.

Explanation

ACL acceleration failed because the system does not support ACL acceleration.

Recommended action

No action is required.

 

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text

Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.

Explanation

ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text

Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.

Variable fields

$1: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.

Explanation

ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.

Recommended action

Check the ACL rules and delete the unsupported configuration.

 

ACL_ACCELERATE_UNK_ERR

Message text

Failed to accelerate [STRING] ACL [UINT32].

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

4

Example

ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.

Explanation

ACL acceleration failed because of an unknown error.

Recommended action

No action is required.

 

ACL_IPV6_STATIS_INFO

Message text

IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv6 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL6/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).

Explanation

The number of packets matching the IPv6 ACL rule changed.

Recommended action

No action is required.

 

ACL_NO_MEM

Message text

Failed to configure [STRING] ACL [UINT] due to lack of memory.

Variable fields

$1: ACL type.

$2: ACL number.

Severity level

3

Example

ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.

Explanation

Configuring the ACL failed because memory is insufficient.

Recommended action

Use the display memory-threshold command to check the memory usage.

 

ACL_STATIS_INFO

Message text

ACL [UINT32] [STRING] [UINT64] packet(s).

Variable fields

$1: ACL number.

$2: ID and content of an IPv4 ACL rule.

$3: Number of packets that matched the rule.

Severity level

6

Example

ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).

Explanation

The number of packets matching the IPv4 ACL rule changed.

Recommended action

No action is required.

 

 

ANCP messages

This section contains ANCP messages.

ANCP_INVALID_PACKET

Message text

-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING]; The [STRING] value [STRING] is wrong, and the value [STRING] is expected.

Variable fields

$1: ANCP neighbor name.

$2: Neighbor state.

$3: Message type.

$4: Field.

$5: Wrong value of the field.

$6: Expected value of the field.

Severity level

6

Example

ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK; The Sender Instance value 0 is wrong, and the value 1 is expected.

Explanation

The system received an adjacency message that had a field with a wrong value.

Recommended action

No action is required.

 

 

APMGR messages

This section contains access point management messages.

APMGR_AC_MEM_ALERT

Message text

The memory utilization has reached the threshold.

Variable fields

N/A

Severity level

4

Example

APMGR/4/APMGR_AC_MEM_ALERT: The memory utilization has reached the threshold.

Explanation

The AP failed to come online because the memory utilization exceeded the limit.

Recommended action

Stop creating manual APs and prevent APs from coming online.

 

APMGR_ADD_AP_FAIL

Message text

AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING].

Variable fields

$1: AP name.

$2: Serial ID.

$3: MAC address.

$4: AP name.

Severity level

4

Example

APMGR/4/ APMGR_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2.

Explanation

The AP failed to come online because a manual AP that has the same MAC address already exists on the AC.

Recommended action

Delete either the manual AP that has the MAC address or the serial ID.

 

APMGR_ADDBAC_INFO

Message text

Add BAS AC [STRING].

Variable fields

$1: MAC address of the BAS AC.

Severity level

6

Example

APMGR/6/APMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.

Explanation

The BAS AC was connected to the master AC.

Recommended action

No action is required.

 

APMGR_AP_OFFLINE

Message text

AP [STRING] went offline. State changed to Idle.

Variable fields

$1: AP name.

Severity level

6

Example

APMGR/6/APMGR_AP_OFFLINE: AP ap1 went offline. State changed to Idle.

Explanation

The AP went offline. The state of the AP changed to Idle.

Recommended action

If the AP went offline abnormally, check the debugging information to locate the issue and resolve it.

 

APMGR_AP_ONLINE

Message text

AP [STRING] went online. State changed to Run.

Variable fields

$1: AP name.

Severity level

6

Example

APMGR/6/APMGR_AP_ONLINE: AP ap1 went online. State changed to Run.

Explanation

The AP came online. The state of the AP changed to Run.

Recommended action

No action is required.

 

APMGR_CWC_IMG_DOWNLOAD_COMPLETE

Message text

System software image file [STRING] downloading through the CAPWAP tunnel to AC [STRING] completed.

Variable fields

$1: Image file name.

$2: AC IP address.

Severity level

6

Example

APMGR/6/APMGR_CWC_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel to AC 192.168.10.1 completed.

Explanation

The AP downloaded the image file from the AC successfully.

Recommended action

No action is required.

 

APMGR_CWC_IMG_DOWNLOAD_START

Message text

Started to download the system software image file [STRING] through the CAPWAP tunnel to AC [STRING].

Variable fields

$1: Image file name.

$2: AC IP address.

Severity level

6

Example

APMGR/6/APMGR_CWC_IMG_DOWNLOAD_START: Started to download the system software image file 5800.ipe through the CAPWAP tunnel to AC 192.168.10.1.

Explanation

The AP started to download the image file from the AC.

Recommended action

Make sure the AP is correctly connected to the AC.

 

APMGR_CWC_IMG_NO_ENOUGH_SPACE

Message text

Insufficient flash memory space for downloading system software image file [STRING].

Variable fields

$1: Image file name.

Severity level

6

Example

APMGR/6/APMGR_CWC_IMG_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading system software image file 5800.ipe.

Explanation

The AP failed to download the image file from the AC because of insufficient flash memory.

Recommended action

Delete files not in use from the AP.

 

APMGR_CWC_LOCAL_AC_DOWN

Message text

CAPWAP tunnel to Central AC [STRING] went down. Reason: [STRING].

Variable fields

$1: IP address of the central AC.

$2: Reason:

·     Added local AC IP address.

·     Deleted local AC IP address.

·     Local AC interface used for CAPWAP tunnel went down.

·     Local AC config changed.

·     N/A

Severity level

4

Example

APMGR/4/APMGR_CWC_LOCAL_AC_DOWN: CAPWAP tunnel to Central AC 2.2.2.1 went down. Reason: Added local AC IP address.

Explanation

The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.

Recommended action

To resolve the issue:

1.     Examine the network connection between the central AC and the local AC.

2.     Verify that the central AC is correctly configured.

3.     Verify that the local AC is correctly configured.

4.     If the issue persists, contact H3C Support.

 

APMGR_CWC_LOCAL_AC_UP

Message text

CAPWAP tunnel to Central AC [STRING] went up.

Variable fields

$1: IP address of the central AC.

Severity level

6

Example

APMGR/6/APMGR_CWC_LOCAL_AC_UP: CAPWAP tunnel to Central AC 2.2.2.1 went up.

Explanation

The central AC has established a CAPWAP tunnel with the local AC.

Recommended action

No action is required.

 

APMGR_CWC_REBOOT

Message text

AP in state [STRING] is rebooting. Reason: [STRING]

Variable fields

$1: AP state.

$2: Reason:

·     AP was reset.

·     Image was downloaded successfully.

·     AP stayed in idle state for a long time.

Severity level

6

Example

APMGR/6/APMGR_CWC_REBOOT: AP in State Run is rebooting. Reason: AP was reset.

Explanation

The AP rebooted for a specific reason.

Recommended action

No action is required.

 

APMGR_CWC_RUN_DOWNLOAD_COMPLETE

Message text

File [STRING] successfully downloaded through the CAPWAP tunnel to AC [STRING].

Variable fields

$1: File name.

$2: AC IP address.

Severity level

6

Example

APMGR/6/APMGR_CWC_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel to AC 192.168.10.1.

Explanation

The AP downloaded the file from the AC successfully.

Recommended action

No action is required.

 

APMGR_CWC_RUN_DOWNLOAD_START

Message text

Started to download the file [STRING] through the CAPWAP tunnel to AC [STRING].

Variable fields

$1: File name.

$2: AC IP address.

Severity level

6

Example

APMGR/6/APMGR_CWC_RUN_DOWNLOAD_START: Started to download the file ac.cfg through the CAPWAP tunnel to AC 192.168.10.1.

Explanation

The AP started to download the file from the AC.

Recommended action

Make sure the AP is correctly connected to the AC.

 

APMGR_CWC_RUN_NO_ENOUGH_SPACE

Message text

Insufficient flash memory space for downloading file [STRING].

Variable fields

$1: File name.

Severity level

6

Example

APMGR/6/APMGR_CWC_RUN_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading file ac.cfg.

Explanation

The AP failed to download the file from the AC because of insufficient flash memory.

Recommended action

Delete files not in use from the AP.

 

APMGR_CWC_TUNNEL_DOWN

Message text

CAPWAP tunnel to AC [STRING] went down. Reason: [STRING].

Variable fields

$1: AC IP address.

$2: Reason:

·     Added AP IP address.

·     Deleted AP IP address.

·     AP interface used for CAPWAP tunnel went down.

·     AP config changed.

·     AP was reset.

·     Number of echo retransmission attempts exceeded the limit.

·     Full retransmission queue.

·     Data channel timer expired.

·     Backup AC IP address changed.

·     Backup tunnel changed to master tunnel.

·     Failed to change backup tunnel to master tunnel.

·     Backup method changed.

·     N/A.

Severity level

6

Example

APMGR/6/APMGR_CWC_TUNNEL_DOWN: CAPWAP tunnel to AC 192.168.10.1 went down. Reason: AP was reset.

Explanation

The CAPWAP tunnel between the AP and the AC was terminated for a specific reason.

Recommended action

Examine the network connection between the AP and the AC.

 

APMGR_CWC_TUNNEL_UP

Message text

[STRING] CAPWAP tunnel to AC [STRING] went up.

Variable fields

$1: Tunnel type:

·     Master.

·     Backup.

$2: AC IP address.

Severity level

6

Example

APMGR/6/APMGR_CWC_TUNNEL_UP: Master CAPWAP tunnel to AC 192.168.10.1 went up.

Explanation

The AP was connected to the AC successfully and entered Run state.

Recommended action

No action is required.

 

APMGR_CWS_IMG_DOWNLOAD_COMPLETE

Message text

System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed.

Variable fields

$1: Image file name.

$2: AP name.

Severity level

6

Example

APMGR/6/APMGR_ CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed.

Explanation

The AP downloaded the image file from the AC successfully.

Recommended action

No action is required.

 

APMGR_CWS_IMG_DOWNLOAD_START

Message text

AP [STRING] started to download the system software image file [STRING].

Variable fields

$1: AP name.

$2: Image file name.

Severity level

6

Example

APMGR/6/APMGR_CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe.

Explanation

The AP started to download the image file from the AC.

Recommended action

No action is required.

 

APMGR_CWS_LOCAL_AC_DOWN

Message text

CAPWAP tunnel to local AC [STRING] went down. Reason: [STRING].

Variable fields

$1: IP address of the local AC.

$2: Reason:

·     Neighbor dead timer expired.

·     Local AC was deleted.

·     Serial number changed.

·     Processed join request in Run state.

·     Failed to retransmit message.

·     N/A

Severity level

4

Example

APMGR/4/APMGR_CWS_LOCAL_AC_DOWN: CAPWAP tunnel to local AC 1.1.1.1 went down. Reason: Serial number changed.

Explanation

The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.

Recommended action

To resolve the issue:

1.     Examine the network connection between the central AC and the local AC.

2.     Verify that the central AC is correctly configured.

3.     Verify that the local AC is correctly configured.

4.     If the issue persists, contact H3C Support.

 

APMGR_CWS_LOCAL_AC_UP

Message text

CAPWAP tunnel to local AC [STRING] went up.

Variable fields

$1: IP address of the local AC.

Severity level

6

Example

APMGR/6/APMGR_CWS_LOCAL_AC_UP: CAPWAP tunnel to local AC 1.1.1.1 went up.

Explanation

The central AC has established a CAPWAP tunnel with the local AC.

Recommended action

No action is required.

 

APMGR_CWS_RUN_DOWNLOAD_COMPLETE

Message text

File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING].

Variable fields

$1: File name.

$2: AP name.

Severity level

6

Example

APMGR/6/APMGR_CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2.

Explanation

The AP downloaded the file from the AC successfully.

Recommended action

No action is required.

 

APMGR_CWS_RUN_DOWNLOAD_START

Message text

AP [STRING] started to download the file [STRING].

Variable fields

$1: AP name.

$2: File name.

Severity level

6

Example

APMGR/6/APMGR_CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg.

Explanation

The AP started to download the file from the AC.

Recommended action

No action is required.

 

APMGR_CWS_TUNNEL_DOWN

Message text

CAPWAP tunnel to AP [STRING] went down. Reason: [STRING].

Variable fields

$1: AP name.

$2: Reason:

·     Neighbor dead timer expired.

·     AP was reset.

·     AP was deleted.

·     Serial number changed.

·     Processed join request in Run state.

·     Failed to retransmit message.

·     Received WTP tunnel down event from AP.

·     Backup AC closed the backup tunnel.

·     Tunnel switched.

·     N/A.

Severity level

6

Example

APMGR/6/APMGR_CWS_TUNNEL_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset.

Explanation

The AP went offline for a specific reason.

Recommended action

To resolve the issue:

1.     Examine the network connection between the AP and the AC.

2.     Verify that the AP is correctly configured.

3.     Verify that the AC is correctly configured.

4.     If the issue persists, contact H3C Support.

 

APMGR_CWS_TUNNEL_UP

Message text

[STRING] CAPWAP tunnel to AP [STRING] went up.

Variable fields

$1: Tunnel type:

·     Master.

·     Backup.

$2: AP name.

Severity level

6

Example

APMGR/6/APMGR_CWS_TUNNEL_UP: Backup CAPWAP tunnel to AP ap1 went up.

Explanation

The AP came online and entered Run state.

Recommended action

No action is required.

 

APMGR_DELBAC_INFO

Message text

Delete BAS AC [STRING].

Variable fields

$1: MAC address of the BAS AC.

Severity level

6

Example

APMGR/6/APMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.

Explanation

The BAS AC was disconnected from the master AC.

Recommended action

No action is required.

 

APMGR_LOCAL_AC_OFFLINE

Message text

Local AC [STRING] went offline. State changed to Idle.

Variable fields

$1: Name of the local AC.

Severity level

6

Example

APMGR/6/APMGR_LOCAL_AC_OFFLINE: Local AC ac1 went offline. State changed to Idle.

Explanation

The local AC went offline. The state of the local AC changed to Idle.

Recommended action

1.     If the local AC went offline abnormally, check the debugging information to locate the issue and resolve it.

2.     If the issue persists, contact H3C Support.

 

APMGR_LOCAL_AC_ONLINE

Message text

Local AC [STRING] went online. State changed to Run.

Variable fields

$1: Name of the local AC.

Severity level

6

Example

APMGR/6/APMGR_LOCAL_AC_ONLINE: Local AC ac1 went online. State changed to Run.

Explanation

The local AC came online. The state of the local AC changed to Run.

Recommended action

No action is required.

 

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text

No ARP reply from IP [STRING] was received on interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.

Explanation

The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message.

This message indicates the risk of attacks.

Recommended action

1.     Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first.

2.     If the ARP entries are correct and the attack continues, contact H3C Support.

 

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text

Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.

Variable fields

$1: Interface name.

$2: IP address.

Severity level

6

Example

ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.

Explanation

The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP.

This message indicates the risk of attacks.

Recommended action

No action is required. The device discards the ARP reply automatically.

 

ARP_BINDRULETOHW_FAILED

Message text

Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].

Variable fields

$1: Interface name.

$2: Source IP address.

$3: Source MAC address.

$4: VLAN ID.

$5: Gateway MAC address.

Severity level

5

Example

ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface GigabitEthernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.

Explanation

The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations:

·     The resources are not sufficient for the operation.

·     The memory is not sufficient for the operation.

·     A hardware error occurs.

Recommended action

To resolve the problem:

1.     Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient.

?     If yes, proceed to step 2.

?     If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2.

2.     Execute the display memory command to check if the memory for the operation is sufficient.

?     If yes, proceed to step 3.

?     If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3.

3.     Delete the configuration and perform the operation again.

 

ARP_DETECTION_LOG

Message text

Detected an ARP attack on interface [STRING]: IP [STRING], MAC [STRING], VLAN [STRING]. [UINT32] packet(s) dropped.

Variable fields

$1: Interface name.

$2: IP address.

$3: MAC address.

$4: VLAN ID.

$5: Number of dropped packets.

Severity level

5

Example

ARP/5/ARP_INSPECTION: -MDC=1; Detected an ARP attack on interface GigabitEthernet1/0/1: IP 1.1.1.1, MAC 1-1-1, VLAN 100. 2 packet(s) dropped.

Explanation

An ARP attack was detected on an interface and attack packets were dropped.

Recommended action

Check the source of the ARP attack.

 

ARP_DUPLICATE_IPADDR_DETECT

Message text

Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR].

Variable fields

$1: MAC address.

$2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.)

$3: VSI name.

$4: MAC address.

$5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.)

$6: VSI name.

$7: Conflicting IP address.

Severity level

6

Example

ARP/6/ ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface GigabitEthernet1/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1.

Explanation

This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different.

Recommended action

Change the IP address on either of the two devices.

 

ARP_DYNAMIC

Message text

The maximum number of dynamic ARP entries for the device reached.

Variable fields

N/A

Severity level

6

Example

ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached.

Explanation

The maximum number of dynamic ARP entries for the device was reached.

Recommended action

No action is required.

 

ARP_DYNAMIC_IF

Message text

The maximum number of dynamic ARP entries for interface [STRING] reached.

Variable fields

$1: Interface name.

Severity level

6

Example

ARP/6/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached.

Explanation

The maximum number of dynamic ARP entries for the specified interface was reached.

Recommended action

No action is required.

 

ARP_DYNAMIC_SLOT

Message text

(Distributed devices in standalone mode.) (Centralized IRF devices) The maximum number of dynamic ARP entries for slot [UINT32] reached.

(Distributed devices in IRF mode.) The maximum number of dynamic ARP entries for chassis [UINT32] slot [UINT32] reached.

Variable fields

$1: Slot number. (Distributed devices in standalone mode.)

$1: Member device ID. (Centralized IRF devices)

$2: Member device ID. (Distributed devices in IRF mode.)

$3: Slot number. (Distributed devices in IRF mode.)

Severity level

6

Example

ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached.

ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for chassis 1 slot 2 reached.

Explanation

The maximum number of dynamic ARP entries for the card was reached. (Distributed devices in standalone mode.)

The maximum number of dynamic ARP entries for the member device was reached. (Centralized IRF devices)

The maximum number of dynamic ARP entries for the card on the member device was reached. (Distributed devices in IRF mode.)

Recommended action

No action is required.

 

ARP_ENTRY_CONFLICT

Message text

The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING].

Variable fields

$1: IP address.

$2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network.

$3: Inconsistent items:

?     MAC address.

?     output interface.

?     output port.

?     outermost layer VLAN ID.

?     second outermost layer VLAN ID.

?     VSI index.

?     link ID.

Severity level

6

Example

ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.

ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public  network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.

Explanation

The software entry for the specified IP address is not the same as the hardware entry. For example, they do not have the same output interface.

Recommended action

No action is required. ARP automatically refreshes the hardware entries.

 

ARP_HOST_IP_CONFLICT

Message text

The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: Interface name.

Severity level

4

Example

ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.

Explanation

The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.

Recommended action

Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

 

ARP_LOCALPROXY_ENABLE_FAILED

Message text

Failed to enable local proxy ARP on interface [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

ARP/4/ARP_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local proxy ARP on interface VSI-interface 1.

Explanation

This message is sent when the device fails to enable local proxy ARP on an interface in a slot. If the interface resides on the MPU, the slot number is 0.

Recommended action

1.     Verify that the card supports local proxy ARP.

2.     Verify that sufficient hardware resources are available.

 

ARP_RATE_EXCEEDED

Message text

The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.

Variable fields

$1: ARP packet rate.

$2: ARP limit rate.

$3: Interface name.

$4: Interval time.

Severity level

4

Example

ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.

Explanation

An interface received ARP messages at a higher rate than the rate limit.

Recommended action

Verify that the hosts at the sender IP addresses are legitimate.

 

ARP_RATELIMIT_NOTSUPPORT

Message text

(Distributed devices in standalone mode.) (Centralized IRF devices) ARP packet rate limit is not support on slot [UINT32].

(Distributed devices in IRF mode.) ARP packet rate limit is not support on chassis [UINT32] slot [UINT32].

Variable fields

$1: Slot number. (Distributed devices in standalone mode.)

$1: Member device ID. (Centralized IRF devices)

$2: Member device ID. (Distributed devices in IRF mode.)

$3: Slot number. (Distributed devices in IRF mode.)

Severity level

6

Example

ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2.

Explanation

ARP packet rate limit is not supported on the card. (Distributed devices in standalone mode.)

ARP packet rate limit is not supported on the member device. (Centralized IRF devices)

ARP packet rate limit is not supported on the card of the member device was reached. (Distributed devices in IRF mode.)

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_SENDER_IP_INVALID

Message text

Sender IP [STRING] was not on the same network as the receiving interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.

Explanation

The sender IP of a received ARP message was not on the same network as the receiving interface.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_SENDER_MAC_INVALID

Message text

Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].

Variable fields

$1: MAC address.

$2: MAC address.

$3: Interface name.

Severity level

6

Example

ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.

Explanation

An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.

Recommended action

Verify that the host at the sender MAC address is legitimate.

 

ARP_SENDER_SMACCONFLICT

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

Severity level

6

Example

ARP/6/ ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1,

Explanation

The sender MAC address of a received ARP packet conflicts with the MAC address of the device.

Recommended action

No action is required.

 

ARP_SENDER_SMACCONFLICT_VSI

Message text

Packet was discarded because its sender MAC address was the MAC address of the receiving interface.

Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32].

Variable fields

$1: Interface name.

$2: Sender IP address.

$3: Target IP address.

$4: VSI index.

$5: Link ID.

Severity level

6

Example

ARP/6/ ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface.

Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0

Explanation

The sender MAC address of a received ARP packet conflicts with the MAC address of the device. The receiving interface is a VSI interface.

Recommended action

No action is required.

 

ARP_SRC_MAC_FOUND_ATTACK

Message text

An attack from MAC [STRING] was detected on interface [STRING].

Variable fields

$1: MAC address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.

Explanation

The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold.

This message indicates the risk of attacks.

Recommended action

Verify that the host at the source MAC address is legitimate.

 

ARP_SUP_ENABLE_FAILED

Message text

Failed to enable ARP flood suppression on VSI [STRING].

Variable fields

$1: VSI name.

Severity level

4

Example

ARP/4/ARP_SUP_ENABLE_FAILED: -MDC=1; Failed to enable ARP flood suppression on VSI vpna.

Explanation

This message is sent when the system failed to enable ARP flood suppression for a VSI. The minimum interval between two log messages is 2 seconds. To make the system send the message successfully, wait for a minimum of 2 seconds before you enable ARP flood suppression for another VSI.

Recommended action

1.     Verify that the device supports ARP flood suppression.

2.     Verify that the hardware resources are sufficient.

 

ARP_TARGET_IP_INVALID

Message text

Target IP [STRING] was not the IP of the receiving interface [STRING].

Variable fields

$1: IP address.

$2: Interface name.

Severity level

6

Example

ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1.

Explanation

The target IP address of a received ARP message was not the IP address of the receiving interface.

Recommended action

Verify that the host at the sender IP address is legitimate.

 

ARP_THRESHOLD_REACHED

Message text

The alarm threshold for dynamic ARP entry learning was reached on interface [STRING].

Variable fields

$1: Interface name.

Severity level

4

Example

ARP/4/ARP_THRESHOLD_REACHED: The alarm threshold for dynamic ARP entry learning was reached on interface GigabitEthernet1/0/1.

Explanation

This message is sent when the alarm threshold for dynamic ARP learning was reached on GigabitEthernet 1/0/1.

Recommended action

Verify that the number of learned dynamic ARP entries matches the actual number of devices in the network and no ARP attack sources exist in the network.

 

DUPIFIP

Message text

Duplicate address [STRING] on interface [STRING], sourced from [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC Address.

Severity level

6

Example

ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.

Explanation

ARP detected a duplicate address.

The sender IP in the received ARP packet was being used by the receiving interface.

Recommended action

Modify the IP address configuration.

 

DUPIP

Message text

IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].

Variable fields

$1: IP address.

$2: MAC Address.

Severity level

6

Example

ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.

Explanation

The sender IP address of the received ARP packet conflicted with the global or imported IP address.

Recommended action

Modify the IP address configuration.

 

DUPVRRPIP

Message text

IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].

Variable fields

$1: IP address.

$2: Interface name.

$3: MAC address.

Severity level

6

Example

ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.

Explanation

The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.

Recommended action

Modify the IP address configuration.

 

ATK messages

This section contains attack detection and prevention messages.

ATK_ICMP_ADDRMASK_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ADDRMASK_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP address mask reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Destination port number.

$7: Name of the receiving VPN instance.

$8: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP echo request is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_REQ_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_RAW: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.

Recommended action

No action is required.

 

ATK_ICMP_ECHO_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_ECHO_RPL_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP echo reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_FLOOD

Message text

RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Destination IP address.

$3: Destination port number.

$4: Name of the receiving VPN instance.

$5: Rate limit.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATK_ICMP_FLOOD_SZ

Message text

SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].

Variable fields

$1: Source security zone name.

$2: Destination IP address.

$3: Destination port number.

$4: Name of the receiving VPN instance.

$5: Rate limit.

$6: Actions against the attack.

$7: Start time of the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.

Explanation

This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_RAW: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received.

If log aggregation is disabled, this message is sent every time an ICMP information request is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_REQ_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_REQ_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information request logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_RAW: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received.

If log aggregation is disabled, this message is sent every time an ICMP information reply is received.

Recommended action

No action is required.

 

ATK_ICMP_INFO_RPL_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_INFO_RPL_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP information reply logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_LARGE

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_LARGE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a large ICMP packet is received.

Recommended action

No action is required.

 

ATK_ICMP_LARGE_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_LARGE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when large ICMP packet logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_RAW: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PARAPROBLEM_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_PARAPROBLEM_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP parameter problem logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_RAW

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_RAW_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0.

If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time a packet is received.

Recommended action

No action is required.

 

ATK_ICMP_PINGOFDEATH_SZ

Message text

SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Source security zone name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_PINGOFDEATH_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation

This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_RAW

Message text

IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Receiving interface name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_RAW: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_RAW_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_RAW_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.

Explanation

If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received.

If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.

Recommended action

No action is required.

 

ATK_ICMP_REDIRECT_SZ

Message text

IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: ICMP message type.

$2: Source security zone name.

$3: Source IP address.

$4: IP address of the peer DS-Lite tunnel interface.

$5: Destination IP address.

$6: Name of the receiving VPN instance.

$7: Actions against the attack.

$8: Start time of the attack.

$9: End time of the attack.

$10: Attack times.

Severity level

5

Example

ATK/5/ATK_ICMP_REDIRECT_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.

Explanation

This message is sent when ICMP redirect logs are aggregated.

Recommended action

No action is required.

 

ATK_ICMP_SMURF

Message text

RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].

Variable fields

$1: Receiving interface name.

$2: Source IP address.

$3: IP address of the peer DS-Lite tunnel interface.

$4: Destination IP address.

$5: Name of the receiving VPN instance.

$6: Actions against the attack.

$7: Start time of the attack.

$8: End time of the attack.

$9: Attack times.

Severity level

3

Example

ATK/3/ATK_ICMP_SMURF: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.

Explanation