
ASP System Log Messages

This chapter describes messages with the ASP prefix. They are generated by services on the Adaptive Services Physical Interface Card (AS PIC), such as stateful firewall, Network Address Translation (NAT), and intrusion detection service (IDS). For information about configuring system logging for services on the AS PIC, see the JUNOS Services Interfaces Configuration Guide.

For information about the fields in messages with the ASP prefix, see “Interpreting Messages Generated in Standard Format by Services on a PIC” on page 43.

ASP_COS_RULE_MATCH

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type rule-set: rule-set-name, rule: rule-name, term: term-name

Description

A packet matched the indicated term in the indicated class-of-service (CoS) rule. If the rule belongs to a rule set, the name of the rule set is also displayed. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

info

ASP_IDS_HOST_RATE

System Log Message

Host destination-address, event-type ... rate=rate events/sec

Description

The indicated event occurred at the indicated rate (events per second) for the indicated destination IP address. The rate exceeds the intrusion detection services (IDS) threshold configured with the 'threshold' statement at the [edit services rule <rule-name> term <term-name> then logging] hierarchy level. This message is logged every 60 seconds until the rate no longer exceeds the threshold.

Type

Event: This message reports an event, not an error

Severity

error

ASP_IDS_HOST_RATE_APP

System Log Message

Host destination-address (application), event-type ... rate=rate events/sec

Description

The indicated event occurred at the indicated rate (events per second) for the indicated application at the indicated destination IP address. The rate exceeds the intrusion detection services (IDS) threshold set by the 'threshold' statement at the [edit services ids rule <rule-name> term <term-name> then logging] hierarchy level. The application is specified by the 'applications' or 'application-sets' statement at the [edit services ids rule <rule-name> term <term-name> from] hierarchy level. This message is logged every 60 seconds until the rate no longer exceeds the threshold.

Type

Event: This message reports an event, not an error

Severity

error

ASP_IDS_INV_CLEAR_QUERY

System Log Message

CLEAR: Invalid query type received-value expecting expected-value

Description

Intrusion detection services (IDS) received a request to clear information from IDS tables. The request included the indicated type of query, which IDS cannot interpret.

Type

Error: An error occurred

Severity

critical

Action

Contact your technical support representative.

ASP_IDS_INV_CLEAR_QUERY_VER

System Log Message

CLEAR: Invalid query version received-value expecting expected-value

Description

Intrusion detection services (IDS) received a request to clear information from IDS tables. The request's version number did not match the version number of requests that IDS can service.

Type

Error: An error occurred

Severity

critical

Action

Contact your technical support representative.

ASP_IDS_INV_SHOW_QUERY

System Log Message

SHOW: Invalid query type received-value expecting expected-value

Description

Intrusion detection services (IDS) received a request to show information from IDS tables. The request included the indicated type of query, which IDS cannot interpret.

Type

Error: An error occurred

Severity

critical

Action

Contact your technical support representative.

ASP_IDS_INV_SHOW_QUERY_VER

System Log Message

SHOW: Invalid query version received-value expecting expected-value

Description

Intrusion detection services (IDS) received a request to show information from IDS tables. The request's version number did not match the version number of requests that IDS can service.

Type

Error: An error occurred

Severity

critical

Action

Contact your technical support representative.

ASP_IDS_LIMIT_FLOW_RATE_BY_DEST

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and did not create a new flow, because the flow rate at the firewall exceeded the intrusion detection services (IDS) limit configured by the 'rate' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-destination] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_FLOW_RATE_BY_PAIR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and did not create a new flow, because the flow rate at the firewall exceeded the intrusion detection services (IDS) limit configured by the 'rate' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-pair] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_FLOW_RATE_BY_SRC

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and did not create a new flow, because the flow rate at the firewall exceeded the intrusion detection services (IDS) limit configured by the 'rate' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-source] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_OPEN_FLOWS_BY_DEST

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and did not create a new flow, because the number of open flows exceeded the intrusion detection services (IDS) limit configured by the 'maximum' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-destination] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_OPEN_FLOWS_BY_PAIR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and did not create a new flow, because the number of open flows exceeded the intrusion detection services (IDS) limit configured by the 'maximum' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-pair] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_OPEN_FLOWS_BY_SRC

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and did not create a new flow, because the number of open flows exceeded the intrusion detection services (IDS) limit configured by the 'maximum' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-source] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_PKT_RATE_BY_DEST

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the number of packets per second (aggregated over all monitored flows) exceeded the intrusion detection services (IDS) limit configured by the 'packets' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-destination] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_PKT_RATE_BY_PAIR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the number of packets per second (aggregated over all monitored flows) exceeded the intrusion detection services (IDS) limit configured by the 'packets' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-pair] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_LIMIT_PKT_RATE_BY_SRC

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the number of packets per second (aggregated over all monitored flows) exceeded the intrusion detection services (IDS) limit configured by the 'packets' statement at the [edit services ids rule <rule-name> term <term-name> then session-limit by-source] hierarchy level. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_IDS_NO_MEM_SHOW_CMD

System Log Message

Not enough memory for show command

Description

Intrusion detection services (IDS) could not service a request to show information from IDS tables, because not enough memory was available.

Type

Error: An error occurred

Severity

critical

ASP_IDS_NULL_CLEAR_QUERY

System Log Message

Failure: NULL query for CLEAR command.

Description

Intrusion detection services (IDS) invoked a query handler to service a request to clear information from IDS tables. The handler did not receive the request.

Type

Event: This message reports an event, not an error

Severity

critical

Action

Contact your technical support representative.

ASP_IDS_NULL_SHOW_QUERY

System Log Message

Failure: NULL query for SHOW command.

Description

Intrusion detection services (IDS) invoked a query handler to service a request to show information from IDS tables. The handler did not receive the request.

Type

Event: This message reports an event, not an error

Severity

critical

Action

Contact your technical support representative.

ASP_IDS_RULE_MATCH

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type rule-set: rule-set-name, rule: rule-name, term: term-name

Description

A packet matched the indicated term in the indicated intrusion detection services (IDS) rule. If the rule belongs to a rule set, the rule set name is also displayed. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

info

ASP_IDS_SYN_COOKIE_OFF

System Log Message

Host destination-address, SYN-COOKIE protection deactivated

Description

Intrusion detection services (IDS) deactivated SYN cookie protection for the indicated destination address. IDS deactivates this protection when it learns from the stateful firewall that the rate of certain events has returned to a level below the threshold set by the 'threshold' statement at the [edit services ids rule <rule-name> term <term-name> then syn-cookie] hierarchy level. The relevant events include the ones reported by the ASP_IDS_TCP_SYN_ATTACK, ASP_SFW_SYN_DEFENSE, and ASP_SFW_TCP_SCAN system log messages.

Type

Event: This message reports an event, not an error

Severity

error

ASP_IDS_SYN_COOKIE_ON

System Log Message

Host destination-address, SYN-COOKIE protection activated

Description

Intrusion detection services (IDS) activated SYN cookie protection for the indicated destination address, because it learned from the stateful firewall that the rate of certain events exceeded the threshold set by the 'threshold' statement at the [edit services ids rule <rule-name> term <term-name> then syn-cookie] hierarchy level. The events include the ones reported by the ASP_IDS_TCP_SYN_ATTACK, ASP_SFW_SYN_DEFENSE, and ASP_SFW_TCP_SCAN system log messages. When SYN cookie protection is activated for a flow to a destination and the TCP handshake has not completed, the stateful firewall generates a SYN/ACK packet for each SYN packet directed to the destination.

Type

Event: This message reports an event, not an error

Severity

error
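
Added example (not part of the original documentation): one way to pair the ASP_IDS_SYN_COOKIE_ON and ASP_IDS_SYN_COOKIE_OFF messages above into per-destination protection windows during triage. It matches only the message text given on this page; the ISO 8601 timestamp at the start of each line, the host name rtr1, the function names, and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Message text exactly as listed for ASP_IDS_SYN_COOKIE_ON / ASP_IDS_SYN_COOKIE_OFF.
SYN_COOKIE_RE = re.compile(
    r"Host (?P<dst>\S+), SYN-COOKIE protection (?P<state>activated|deactivated)\s*$"
)

# Constructed sample input. Assumption: each line starts with an ISO 8601
# timestamp; whatever sits between the timestamp and "Host" is ignored.
SAMPLE_LOG = """\
2024-05-01T10:00:00 rtr1 Host 192.0.2.10, SYN-COOKIE protection activated
2024-05-01T10:00:30 rtr1 Host 198.51.100.7, SYN-COOKIE protection deactivated
2024-05-01T10:03:00 rtr1 Host 192.0.2.10, SYN-COOKIE protection deactivated
2024-05-01T10:05:00 rtr1 Host 192.0.2.10, SYN-COOKIE protection activated
2024-05-01T10:05:45 rtr1 Host 192.0.2.10, SYN-COOKIE protection deactivated
2024-05-01T10:06:00 rtr1 Host 203.0.113.5, SYN-COOKIE protection activated
2024-05-01T10:07:00 rtr1 unrelated message that must be skipped
2024-05-01T10:08:00 rtr1 Host not-an-ip, SYN-COOKIE protection activated
"""


def syn_cookie_windows(lines):
    """Pair activation/deactivation messages per destination address.

    Returns a dict with:
      closed     - list of (dst, start, end, seconds) for completed windows
      active     - {dst: start} for destinations still protected at end of input
      orphan_off - list of (dst, ts) deactivations with no activation in the
                   input (log rotated or truncated before the window began)
    """
    active, closed, orphan_off = {}, [], []
    for line in lines:
        m = SYN_COOKIE_RE.search(line)
        if not m:
            continue
        dst = m["dst"]
        try:
            ipaddress.ip_address(dst)          # reject malformed address fields
            ts = datetime.fromisoformat(line.split(None, 1)[0])
        except ValueError:
            continue
        if m["state"] == "activated":
            # A repeated activation without a deactivation keeps the first start.
            active.setdefault(dst, ts)
        else:
            start = active.pop(dst, None)
            if start is None:
                orphan_off.append((dst, ts))
            else:
                closed.append((dst, start, ts, (ts - start).total_seconds()))
    return {"closed": closed, "active": active, "orphan_off": orphan_off}


def flapping_hosts(closed, min_windows=2):
    """Destinations whose protection toggled on and off at least min_windows times.

    Repeated short windows suggest the event rate is hovering around the
    configured 'threshold' value rather than clearly above or below it.
    """
    counts = Counter(dst for dst, _start, _end, _secs in closed)
    return sorted(dst for dst, n in counts.items() if n >= min_windows)


if __name__ == "__main__":
    result = syn_cookie_windows(SAMPLE_LOG.splitlines())
    for dst, start, end, secs in result["closed"]:
        print(f"{dst}: protected {start} -> {end} ({secs:.0f}s)")
    for dst, start in result["active"].items():
        print(f"{dst}: still protected since {start}")
    for dst, ts in result["orphan_off"]:
        print(f"{dst}: deactivation at {ts} with no activation in this log")
    print("flapping:", flapping_hosts(result["closed"]))
```
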

ASP_IDS_TCP_SYN_ATTACK

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall received the packet with the indicated characteristics and determined that it was a duplicate Transmission Control Protocol (TCP) SYN packet (the SYN flag was set and a SYN packet was already received for the flow to the destination). The event was reported to intrusion detection services (IDS) and can cause IDS to activate SYN cookie protection. The packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

error

ASP_L2TP_MESSAGE_INCOMPLETE

System Log Message

IPC message lacked variable portion

Description

The Layer 2 Tunneling Protocol (L2TP) did not process an interprocess communication (IPC) message because the variable portion of the message was missing.

Type

Error: An error occurred

Severity

error

ASP_L2TP_NO_MEM

System Log Message

Unable to allocate memory for L2TP flow for tunnel tunnel-id, session session-id

Description

The Layer 2 Tunneling Protocol (L2TP) could not allocate the memory it needed to create a flow for the indicated tunnel and session.

Type

Error: An error occurred

Severity

error

ASP_L2TP_OBJ_CAC_FAIL

System Log Message

Unable to allocate object-cache memory for flow (unit unit-id, tunnel tunnel-id, session session-id)

Description

The Layer 2 Tunneling Protocol (L2TP) could not allocate memory from an object cache for the flow defined by the indicated unit, tunnel, and session.

Type

Error: An error occurred

Severity

error

ASP_L2TP_STATS_BULK_QUERY_FAILED

System Log Message

Number of queries (num-queries) in statistics request exceeded limit (max-queries)

Description

The Layer 2 Tunneling Protocol (L2TP) did not process an interprocess communication (IPC) request for statistics because it included the indicated number of queries, which exceeds the indicated limit.

Type

Error: An error occurred

Severity

error

ASP_L2TP_STATS_VERSION_INVALID

System Log Message

Invalid version received-value on statistics request (expected expected-value)

Description

The Layer 2 Tunneling Protocol process (l2tpd) received a request for statistics with the indicated version, which is not the indicated, supported version.

Type

Error: An error occurred

Severity

error

ASP_L2TP_TUN_GRP_ADD_FAIL_ALLOC

System Log Message

Unable to add tunnel group for service set service-set: could not allocate ID

Description

The Layer 2 Tunneling Protocol (L2TP) could not add a tunnel group for the indicated service set because it could not allocate an internal ID.

Type

Error: An error occurred

Severity

error

ASP_L2TP_TUN_GRP_ADD_FAIL_EXISTS

System Log Message

Unable to add tunnel group group-id: it already exists

Description

The Layer 2 Tunneling Protocol (L2TP) could not add a tunnel group with the indicated ID because it already existed.

Type

Error: An error occurred

Severity

error

ASP_L2TP_TUN_GRP_CHG_FAIL_ALLOC

System Log Message

Unable to change tunnel group for service set service-set: could not allocate ID

Description

The Layer 2 Tunneling Protocol (L2TP) could not change a tunnel group for the indicated service set because it could not allocate an internal ID.

Type

Error: An error occurred

Severity

error

ASP_L2TP_TUN_GRP_CHG_FAIL_INVLD

System Log Message

Unable to change tunnel group group-id: ID is invalid

Description

The Layer 2 Tunneling Protocol (L2TP) could not change the tunnel group with the indicated internal ID, because the ID is invalid.

Type

Error: An error occurred

Severity

error

ASP_L2TP_TUN_GRP_DEL_FAIL_INVLD

System Log Message

Unable to delete tunnel group group-id: ID is invalid

Description

The Layer 2 Tunneling Protocol (L2TP) could not delete the tunnel group with the indicated internal ID, because the ID is invalid.

Type

Error: An error occurred

Severity

error

ASP_NAT_OUTOF_ADDRESSES

System Log Message

natpool nat-pool-name is out of addresses

Description

Network Address Translation (NAT) services could not allocate an address from the indicated NAT pool, because no addresses were available.

Type

Event: This message reports an event, not an error

Severity

warning

ASP_NAT_OUTOF_PORTS

System Log Message

natpool nat-pool-name is out of ports

Description

Network Address Translation (NAT) services could not allocate a port from the indicated NAT pool, because no ports were available.

Type

Event: This message reports an event, not an error

Severity

warning

ASP_NAT_POOL_RELEASE

System Log Message

natpool release address:port[count]

Description

Network Address Translation (NAT) services made the indicated number of ports available in the pool for the indicated address, starting at the indicated port number.

Type

Event: This message reports an event, not an error

Severity

info

ASP_NAT_RULE_MATCH

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type rule-set: rule-set-name, rule: rule-name, term: term-name

Description

A packet matched the indicated term in the indicated Network Address Translation (NAT) rule. If the rule belongs to a rule set, the rule set name is also displayed. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

info

ASP_PGCP_IPC_MSG_WRITE_FAILED

System Log Message

Unable to write IPC message (type message-type, subtype message-subtype): status code status

Description

The Packet Gateway Control Protocol (PGCP) client on the MultiServices Physical Interface Card (PIC) could not write an interprocess communication (IPC) message to the end of its pipe.

Type

Error: An error occurred

Severity

error

ASP_PGCP_IPC_PIPE_WRITE_FAILED

System Log Message

Unable to write IPC message (type message-type, subtype message-subtype) to pipe: status code status

Description

The Packet Gateway Control Protocol (PGCP) client on the MultiServices Physical Interface Card (PIC) could not write the contents of its interprocess communication (IPC) pipe to the socket layer.

Type

Error: An error occurred

Severity

error

ASP_SFW_ALG_LEVEL_ADJUSTED

System Log Message

ALG sfw-application-name specified by stateful firewall or CoS rule was reduced to nat-application-name, because twice NAT does not support ALG application

Description

A twice Network Address Translation (NAT) rule is applied to the same source or destination addresses as a stateful firewall or class-of-service (CoS) rule that applies an application-level gateway (ALG) other than Internet Control Message Protocol (ICMP) or traceroute. The configuration is invalid, because only those ALGs are supported in combination with twice NAT. The ALG configured in the stateful firewall or CoS rule was ignored, and only the application configured in the twice-NAT rule was applied. The adaptive services software accomplished this internally by adjusting the indicated ALG value (which is not supported with twice NAT) to the indicated supported value.

Type

Event: This message reports an event, not an error

Severity

warning

Action

Change the configuration so that twice-NAT rules (defined at the [edit services nat] hierarchy level) are not applied to the same source or destination addresses as rules defined at the [edit services stateful-firewall] or [edit services cos] hierarchy level that include ALGs other than the supported ones.

ASP_SFW_ALG_PROMOTION_FAILED

System Log Message

ALG promotion failed. Stateful firewall application sfw-application-name conflicts with NAT application nat-application-name or conflicts with QoS application; request creation of discard flow

Description

A matching application-level gateway protocol (ALG) was found from both the indicated stateful firewall rule and either the indicated Network Address Translation (NAT) rule or a quality-of-service (QoS) rule, but the two ALGs were not at the same level.

Type

Event: This message reports an event, not an error

Severity

critical

Action

Resolve the conflicting application-protocol matching conditions in the rules at the [edit services stateful-firewall] hierarchy level and either the [edit services cos] (for QoS rules) or [edit services nat] (for NAT rules) hierarchy level.

ASP_SFW_APP_MSG_TOO_LONG

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the packet was so large that it exhausted memory resources. The packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

Action

Delete active flows to forcibly free memory, or wait for the system to reclaim memory. Consider creating more service sets among which resources can be divided. Otherwise, contact your technical support representative.

ASP_SFW_CHANGE_INACTIVITY_TIMER

System Log Message

change global inactivity timer to value1 open timeout to value2

Description

The global inactivity timer and the open timeout were set to the indicated values.

Type

Event: This message reports an event, not an error

Severity

critical

ASP_SFW_CREATE_ACCEPT_FLOW

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type nat-information

Description

The packet with the indicated characteristics matched a stateful firewall rule that has the 'accept' action, and the stateful firewall created a flow. If the flow requires Network Address Translation (NAT) services, NAT information appears at the end of the message. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

info

ASP_SFW_CREATE_DISCARD_FLOW

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The packet with the indicated characteristics matched a stateful firewall rule that has the 'discard' action, and the stateful firewall created a discard flow. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_CREATE_REJECT_FLOW

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The packet with the indicated characteristics matched a stateful firewall rule that has the 'reject' action, and the stateful firewall created a reject flow. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_FTP_ACTIVE_ACCEPT

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type nat-information

Description

When the stateful firewall receives PORT/EPRT commands in the control channel, it creates a flow in anticipation of an FTP data connection from client to server. The packet with the indicated characteristics matched such a flow. If the flow requires Network Address Translation (NAT) services, NAT information appears at the end of the message. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_FTP_PASSIVE_ACCEPT

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type nat-information

Description

When the stateful firewall receives PASV/EPSV commands in the control channel, it creates a flow in anticipation of an FTP data connection from server to client. The packet with the indicated characteristics matched such a flow. If the flow requires Network Address Translation (NAT) services, NAT information appears at the end of the message. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_ICMP_ERROR_DROP

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Internet Control Message Protocol (ICMP) error packet with the indicated characteristics, because the packet did not belong to an existing flow. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_ICMP_HEADER_LEN_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Internet Control Message Protocol (ICMP) packet with the indicated characteristics, because the length field in the packet header was shorter than the minimum 8 bytes required for an ICMP packet. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_ICMP_PACKET_ERROR_LENGTH

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Internet Control Message Protocol (ICMP) error packet with the indicated characteristics, because the packet contained fewer than 48 bytes of data, or more than 576. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_FRAG_ASSEMBLY_TIMEOUT

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and all related IP fragments it had previously received, because not all fragments arrived within the four-second reassembly timeout period. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_FRAG_OVERLAP

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and all related IP fragments it had previously received, because the contents of two fragments overlapped. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_OPTION_DROP_PACKET

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the packet contained nonconfigured IP option types. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_CHECKSUM_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the packet checksum was incorrect. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_DST_BAD

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the packet destination address was either a multicast address or was in the range reserved for experimental use (248.0.0.0 through 255.255.255.254). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_FRAG_LEN_INV

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics and all related IP fragments it had previously received, because the length of a fragment was invalid. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_INCORRECT_LEN

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the packet length was invalid. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_LAND_ATTACK

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the source and destination address for the packet were the same (referred to as a land attack). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_NOT_VERSION_4

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the packet version was not IP version 4 (IPv4). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_PROTOCOL_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the packet used an invalid protocol. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_SRC_BAD

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the packet source address was one of the following: (1) a multicast address; (2) a broadcast address; (3) in the range 127.0.0.0 through 127.255.255.255; (4) in the range 248.0.0.0 through 255.255.255.254, which is reserved for experimental use. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_TOO_LONG

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the packet contained more than 64 kilobytes (KB) of data (referred to as a ping-of-death attack). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_TOO_SHORT

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the packet did not contain the minimum amount of data required. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_IP_PACKET_TTL_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the IP packet with the indicated characteristics, because the packet had a time-to-live (TTL) value of 0 (zero). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_NEW_POLICY

System Log Message

install new configuration

Description

A new stateful firewall policy was installed.

Type

Event: This message reports an event, not an error

Severity

critical

ASP_SFW_NO_IP_PACKET

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall received the packet with the indicated characteristics, which was not an IP packet. The packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_NO_POLICY

System Log Message

source-address -> destination-addressNo policy

Description

The stateful firewall received packets with the indicated source and destination addresses. There was no matching policy for the traffic.

Type

Event: This message reports an event, not an error

Severity

critical

ASP_SFW_NO_RULE_DROP

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the packet did not match any stateful firewall rules. In this case, the default action is to discard the packet. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_PING_DUPLICATED_SEQNO

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Internet Control Message Protocol (ICMP) echo request packet with the indicated characteristics, because the packet's sequence number was the same as in a previous packet. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_PING_MISMATCHED_SEQNO

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Internet Control Message Protocol (ICMP) echo reply packet with the indicated characteristics, because the firewall had not previously received an echo request packet with the same sequence number. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_PING_OUTOF_SEQNO_CACHE

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Internet Control Message Protocol (ICMP) echo request packet with the indicated characteristics, because it had not received echo replies for an excessive number of previously received echo requests. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_POLICY_REJECT

System Log Message

reject configuration because reason

Description

A newly installed stateful firewall policy was rejected for the indicated reason.

Type

Event: This message reports an event, not an error

Severity

critical

ASP_SFW_RULE_ACCEPT

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type rule-set: rule-set-name, rule: rule-name, term: term-name

Description

The packet with the indicated characteristics matched the indicated term in the indicated stateful firewall rule, which has an 'accept' action. If the rule belongs to a rule set, the rule set name is also displayed. The stateful firewall accepted the flow to which the packet belongs. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

info

ASP_SFW_RULE_DISCARD

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type rule-set: rule-set-name, rule: rule-name, term: term-name

Description

The packet with the indicated characteristics matched the indicated term in the indicated stateful firewall rule, which has a 'discard' action. If the rule belongs to a rule set, the rule set name is also displayed. The stateful firewall discarded the packet. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_RULE_REJECT

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name) application: application, source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type rule-set: rule-set-name, rule: rule-name, term: term-name

Description

The packet with the indicated characteristics matched the indicated term in the indicated stateful firewall rule, which has a 'reject' action. If the rule belongs to a rule set, the rule set name is also displayed. If the packet used the User Datagram Protocol (UDP), the stateful firewall generated an Internet Control Message Protocol (ICMP) error message. If the packet used the Transmission Control Protocol (TCP), the stateful firewall generated an RST packet. The matching packet contained the indicated information about its protocol (numerical identifier and name), application, source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_SYN_DEFENSE

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the Transmission Control Protocol (TCP) handshake that is used to establish a session did not complete quickly enough. The time limit is set by the 'open-timeout' statement at the [edit interfaces <services-interface> services-options] hierarchy level or is four seconds by default. The event was reported to intrusion detection services (IDS) and can cause IDS to activate SYN cookie protection. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

Cause

Possible causes for the handshake failure include the following: (1) sequence numbers did not match in a SYN packet and a previous SYN packet (the second packet was not a retransmission); (2) sequence numbers did not match in a SYN/ACK packet and a previous SYN packet; (3) either or both a SYN/ACK packet and an ACK packet did not arrive at the firewall within the time limit.

ASP_SFW_TCP_BAD_SYN_COOKIE_RESP

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) ACK packet with the indicated characteristics, either because it is the first packet in a session, or because its sequence number did not match the sequence number in the SYN/ACK packet that the firewall previously generated for the session. The firewall generates SYN/ACK packets when SYN cookie protection is activated. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_FLAGS_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the flags in the packet were set in one of the following combinations: (1) FIN and RST; (2) SYN and one or more of FIN, RST, and URG. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_HEADER_LEN_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the length field in the packet header was shorter than the minimum 20 bytes required for a TCP packet. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_NON_SYN_FIRST_PACKET

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because it was the first packet in the TCP session but the SYN flag was not set. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_PORT_ZERO

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the source or destination port specified in the packet was zero (0). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_RECONSTRUCT_DROP

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the session to which the packet belongs violated TCP standards. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

Cause

Possible causes include the following: (1) the amount of previously received but unacknowledged data exceeded the TCP window; (2) there were sequence number errors (gaps in the sequence or packets with overlapping numbers).

ASP_SFW_TCP_SCAN

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall received a Transmission Control Protocol (TCP) RST packet from a server, indicating that the server rejected a connection attempt directed to the indicated destination address and port. The event was reported to intrusion detection services (IDS) and can cause IDS to activate SYN cookie protection. The RST packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_SEQNO_AND_FLAGS_ZERO

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the packet's sequence number was 0 (zero) and no flags were set. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_TCP_SEQNO_ZERO_FLAGS_SET

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the Transmission Control Protocol (TCP) packet with the indicated characteristics, because the packet's sequence number was 0 (zero) and one or more of the FIN, PSH, and RST flags were set. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_UDP_HEADER_LEN_ERROR

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the User Datagram Protocol (UDP) packet with the indicated characteristics, because the length field in the packet header was shorter than the minimum 8 bytes required for a UDP packet. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_UDP_PORT_ZERO

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the User Datagram Protocol (UDP) packet with the indicated characteristics, because the source or destination port specified in the packet was zero (0). The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice
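
The header-level drop conditions documented in the ASP_SFW_IP_PACKET_*, ASP_SFW_TCP_* and ASP_SFW_UDP_PORT_ZERO entries above, modeled as an added Python example (not Juniper code) for building test fixtures or predicting which message tags a given header should produce. The `Header` record and `expected_tags` function are hypothetical names; the broadcast check assumes only 255.255.255.255, and the order of the checks is an assumption because the page does not state the order in which the firewall applies them.

```python
import ipaddress
from dataclasses import dataclass

# TCP flag bits as defined for the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Range the page describes as "reserved for experimental use", taken as written.
EXP_LO = int(ipaddress.IPv4Address("248.0.0.0"))
EXP_HI = int(ipaddress.IPv4Address("255.255.255.254"))
# Assumption: "a broadcast address" is modeled as the limited broadcast only.
BROADCAST = ipaddress.IPv4Address("255.255.255.255")


@dataclass
class Header:
    """Hypothetical record of already-parsed IPv4 and TCP/UDP header fields."""
    src: str
    dst: str
    ttl: int
    proto: int          # 6 = TCP, 17 = UDP
    sport: int = 0
    dport: int = 0
    seq: int = 0        # TCP only
    flags: int = 0      # TCP only


def _experimental(addr):
    return EXP_LO <= int(addr) <= EXP_HI


def expected_tags(h):
    """Return every documented message tag whose condition the header meets."""
    src = ipaddress.IPv4Address(h.src)
    dst = ipaddress.IPv4Address(h.dst)
    tags = []

    # ASP_SFW_IP_PACKET_SRC_BAD: multicast, broadcast, 127/8, or experimental.
    if src.is_multicast or src == BROADCAST or src.is_loopback or _experimental(src):
        tags.append("ASP_SFW_IP_PACKET_SRC_BAD")
    # ASP_SFW_IP_PACKET_DST_BAD: multicast or experimental destination.
    if dst.is_multicast or _experimental(dst):
        tags.append("ASP_SFW_IP_PACKET_DST_BAD")
    # ASP_SFW_IP_PACKET_LAND_ATTACK: source and destination address are equal.
    if src == dst:
        tags.append("ASP_SFW_IP_PACKET_LAND_ATTACK")
    # ASP_SFW_IP_PACKET_TTL_ERROR: TTL of 0.
    if h.ttl == 0:
        tags.append("ASP_SFW_IP_PACKET_TTL_ERROR")

    if h.proto == 6:
        f = h.flags
        # ASP_SFW_TCP_FLAGS_ERROR: FIN+RST, or SYN with any of FIN, RST, URG.
        if (f & FIN and f & RST) or (f & SYN and f & (FIN | RST | URG)):
            tags.append("ASP_SFW_TCP_FLAGS_ERROR")
        # ASP_SFW_TCP_PORT_ZERO: source or destination port is zero.
        if h.sport == 0 or h.dport == 0:
            tags.append("ASP_SFW_TCP_PORT_ZERO")
        # Sequence number 0 with no flags, or with any of FIN, PSH, RST.
        if h.seq == 0 and f == 0:
            tags.append("ASP_SFW_TCP_SEQNO_AND_FLAGS_ZERO")
        elif h.seq == 0 and f & (FIN | PSH | RST):
            tags.append("ASP_SFW_TCP_SEQNO_ZERO_FLAGS_SET")
    elif h.proto == 17:
        # ASP_SFW_UDP_PORT_ZERO: source or destination port is zero.
        if h.sport == 0 or h.dport == 0:
            tags.append("ASP_SFW_UDP_PORT_ZERO")
    return tags


if __name__ == "__main__":
    # Constructed sample headers (documentation address ranges), not captured traffic.
    samples = [
        Header("192.0.2.10", "198.51.100.5", 64, 6, 40000, 443, 1000, SYN),
        Header("192.0.2.10", "198.51.100.5", 64, 6, 40000, 443, 1000, SYN | FIN),
        Header("192.0.2.10", "192.0.2.10", 64, 17, 53, 53),
        Header("127.0.0.1", "198.51.100.5", 0, 6, 0, 80, 0, 0),
    ]
    for s in samples:
        print(s.src, "->", s.dst, expected_tags(s) or "no header-level drop")
```
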

ASP_SFW_UDP_SCAN

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall received an Internet Control Message Protocol (ICMP) error message from a server running at the indicated destination address and User Datagram Protocol (UDP) port. The error packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

notice

ASP_SFW_VERY_BAD_PACKET

System Log Message

syslog-prefix error-code: proto protocol-id (protocol-name), source-interface-nameseparatorsource-address:source-port -> destination-addressdestination-port, event-type

Description

The stateful firewall discarded the packet with the indicated characteristics, because the packet was malformed. The discarded packet contained the indicated information about its protocol (numerical identifier and name), source (logical interface name, IP address, and port number), and destination (IP address and port number).

Type

Event: This message reports an event, not an error

Severity

critical

ASP_SVC_SET_MAX_FLOWS_EXCEEDED

System Log Message

Number of flows (currently current-flows) exceeded configured limit (maximum-value) count times in previous 60 seconds

Description

A flow was not created for a service and service set, because the current number of flows for all supported services exceeded the limit configured with the 'max-flows' statement at the [edit services service-set <service-set-name>] hierarchy level. The message appears once per minute and reports the number of times in the previous 60 seconds that the system noted the excessive number of flows.

Type

Event: This message reports an event, not an error

Severity

notice

