RT System Log Messages
This chapter describes messages with the RT prefix. They are generated on routers running the JUNOS Software with enhanced services by the Packet Forwarding Engine as it processes packets for security control in real time.
RT_FLOW_SESSION_CLOSE
System Log Message
session closed reason: source-address/source-port->destination-address/destination-port service-name nat-source-address/nat-source-port->nat-destination-address/nat-destination-port src-nat-rule-name dst-nat-rule-name protocol-id policy-name source-zone-name destination-zone-name session-id-32 packets-from-client(bytes-from-client) packets-from-server(bytes-from-server) elapsed-time
Description
A security session was closed.
Type
Event: This message reports an event, not an error
Severity
info
RT_FLOW_SESSION_CREATE
System Log Message
session created source-address/source-port->destination-address/destination-port service-name nat-source-address/nat-source-port->nat-destination-address/nat-destination-port src-nat-rule-name dst-nat-rule-name protocol-id policy-name source-zone-name destination-zone-name session-id-32
Description
A security session was created.
Type
Event: This message reports an event, not an error
Severity
info
RT_FLOW_SESSION_DENY
System Log Message
session denied source-address/source-port->destination-address/destination-port service-name protocol-id(icmp-type) policy-name source-zone-name destination-zone-name
Description
A security session was not permitted by policy.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_BAD_LICENSE
System Log Message
GTP invalid license (gtpP memory-address)
Description
The GPRS tunneling protocol (GTP) is not enabled. The user needs to enable GTP to solve this problem.
Type
Error: An error occurred
Severity
error
RT_GTP_DEL_TUNNEL_V0
System Log Message
Delete tunnel for V0 gtp-array-index (tid gtp-mobile-id1gtp-mobile-id2), in gtp-tunnel-in-count out gtp-tunnel-out-count, duration: duration seconds
Description
A GPRS tunneling protocol (GTP) version 0 tunnel was deleted.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_DEL_TUNNEL_V1
System Log Message
Delete tunnel V1 gtp-array-index (SGSN teid gtp-teid), in gtp-tunnel-in-count out gtp-tunnel-out-count, duration: duration seconds
Description
A GPRS tunneling protocol (GTP) version 1 tunnel was deleted.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_APN_IE
System Log Message
APN IE: name
Description
Displays the contents of the Access Point Name (APN) information element carried in the GPRS tunneling protocol (GTP) message.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_DESCRIPTION_CHARGING
System Log Message
GTP source-address -> destination-address charging vmajor-version
Description
Displays the GPRS tunneling protocol (GTP) packet description for a GTP charging message. The description includes the source and destination address and version.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_DESCRIPTION_V0
System Log Message
GTP source-address -> destination-address TID gtp-mobile-id1gtp-mobile-id2 (index gtp-array-index)
Description
Displays the GPRS tunneling protocol (GTP) packet description for a GTP version 0 message. The description includes the source and destination address, 64-bit tunnel ID, and index.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_DESCRIPTION_V1
System Log Message
GTP source-address -> destination-address TeID xgtp-teid (index gtp-array-index)
Description
Displays the GPRS tunneling protocol (GTP) packet description for a GTP version 1 message. The description includes the source and destination address, tunnel endpoint ID, and index.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_ENDUSER_ADDR_IE_IPV4
System Log Message
EndUserAddr IE: ip-address
Description
Displays the contents of the IPv4 End User Address information element carried in the GPRS tunneling protocol (GTP) message. The content includes the end user IP address.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_GSNADDR_IE
System Log Message
GSNaddr IE: ip-address
Description
Displays the contents of the GPRS Support Node (GSN) Address information element carried in the GPRS tunneling protocol (GTP) message. The content includes the GSN IP address.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_IMSI_IE
System Log Message
IMSI IE: gtp-mobile-id1gtp-mobile-id2
Description
Displays the contents of the International Mobile Subscriber Identity (IMSI) information element carried in the GPRS tunneling protocol (GTP) message. The content includes the lower and higher halves of the GTP mobile ID.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_MSISDN_IE
System Log Message
MSisdn IE: gtp-isdn-number
Description
Displays the contents of the MS International PSTN/ISDN Number (MSISDN) information element carried in the GPRS tunneling protocol (GTP) message. The content includes the ISDN number.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_PKT_RESULT
System Log Message
***message
Description
Displays the GPRS tunneling protocol (GTP) packet process result, providing information about whether the packet is passed or dropped.
Type
Event: This message reports an event, not an error
Severity
info
RT_GTP_SANITY_EXTENSION_HEADER
System Log Message
*** GTP-DROP message-type (sanity): wrong extension header
Description
The GPRS tunneling protocol (GTP) packet has an incorrect extension header and the packet will be dropped.
Type
Error: An error occurred
Severity
error
RT_GTP_SYSTEM_ERROR
System Log Message
*** GTP-DROP message-type: bad system status (error-code)
Description
The GPRS tunneling protocol (GTP) packet was dropped due to a firewall system error, as indicated by the error code.
Type
Error: An error occurred
Severity
error
RT_H323_CALL_LIMIT_EXCEED
System Log Message
Failed to process the packet, active call limit exceeded maximum-value
Description
The maximum H.323 call limit has been exceeded.
Type
Error: An error occurred
Severity
error
RT_H323_NAT_COOKIE_NOT_FOUND
System Log Message
object-name cannot find cookie from session
Description
Failed to find the H.323 NAT cookie.
Type
Error: An error occurred
Severity
error
RT_H323_RAS_REQ_FLOOD
System Log Message
RAS Request flood to gatekeeper destination-address detected, request threshold threshold
Description
H.323 Registration Authentication Status request messages have exceeded the configured threshold.
Type
Error: An error occurred
Severity
error
RT_IPSEC_BAD_SPI
System Log Message
IPSec tunnel on int interface-name with tunnel ID 0xtunnel-id received a packet with a bad SPI. source-address->destination-address/length, type, SPI 0xindex, SEQ 0xsequence-number.
Description
Received IPSec packet with bad SPI
Type
Error: An error occurred
Severity
error
RT_IPSEC_REPLAY
System Log Message
Replay packet detected on IPSec tunnel on interface-name with tunnel ID 0xtunnel-id! From source-address to destination-address/length, type, SPI 0xindex, SEQ 0xsequence-number.
Description
Received IPSec replay packet
Type
Error: An error occurred
Severity
error
RT_MGCP_CALL_LIMIT_EXCEED
System Log Message
Exceed maximum call max active call numbermaximum-value
Description
The maximum MGCP active call limit has been exceeded.
Type
Error: An error occurred
Severity
error
RT_MGCP_DECODE_FAIL
System Log Message
Failed to decode MGCP packet
Description
Failed to decode MGCP message.
Type
Error: An error occurred
Severity
error
RT_MGCP_MEM_ALLOC_FAILED
System Log Message
Failed to allocate memory for object-name
Description
Failed to allocate memory for the MGCP objects.
Type
Error: An error occurred
Severity
error
RT_MGCP_REG_NAT_VEC_FAIL
System Log Message
Failed to add MGCP object-name to flow module
Description
Failed to register the MGCP ALG vector with the flow module.
Type
Error: An error occurred
Severity
error
RT_MGCP_REG_RM_FAIL
System Log Message
Failed to register MGCP ALG with Resource Manager
Description
Failed to register the MGCP Resource Manager client.
Type
Error: An error occurred
Severity
error
RT_MGCP_REM_NAT_VEC_FAIL
System Log Message
Failed to remove MGCP object-name from flow module
Description
Failed to remove the MGCP ALG vector from the flow module.
Type
Error: An error occurred
Severity
error
RT_MGCP_RM_CLIENTID_FAIL
System Log Message
MGCP ALG Resource Manager client registration failed
Description
Failed to obtain the MGCP Resource Manager client identifier.
Type
Error: An error occurred
Severity
error
RT_MGCP_UNREG_BY_RM
System Log Message
MGCP ALG client has been unregistered by Resource Manager
Description
The Resource Manager has unregistered the MGCP Resource Manager client.
Type
Error: An error occurred
Severity
error
RT_SCCP_CALL_LIMIT_EXCEED
System Log Message
Failed to create SCCP ALG call, call limit maximum-value exceeded
Description
The maximum SCCP call limit has been exceeded.
Type
Error: An error occurred
Severity
error
RT_SCCP_CALL_RATE_EXCEED
System Log Message
The SCCP active call rate limit maximum-value has been exceeded
Description
The SCCP active call rate limit has been exceeded.
Type
Error: An error occurred
Severity
error
RT_SCCP_DECODE_FAIL
System Log Message
Failed to decode SCCP packet from source-address->destination-address
Description
Failed to decode SCCP packet.
Type
Error: An error occurred
Severity
error
RT_SCCP_NAT_COOKIE_NOT_FOUND
System Log Message
Failed to find SCCP ALG cookie from session
Description
Failed to find SCCP NAT cookie.
Type
Error: An error occurred
Severity
error
RT_SCCP_REM_NAT_VEC_FAIL
System Log Message
Failed to remove SCCP ALG vector from flow module
Description
Failed to remove the SCCP ALG vector from the flow module.
Type
Error: An error occurred
Severity
error
RT_SCCP_UNREG_RM_FAIL
System Log Message
Failed to unregister SCCP client from Resource Manager when the ALG was unregistered
Description
Failed to unregister SCCP client from Resource Manager when the ALG was unregistered.
Type
Error: An error occurred
Severity
error
RT_SCREEN_ICMP
System Log Message
attack-name source: source-address, destination: destination-address, zone name: source-zone-name, interface name: interface-name
Description
ICMP attack category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_ICMP_FLOOD
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
ICMP flood attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_ICMP_FRAG
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
fragmented ICMP packet attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_ICMP_ID
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
ICMP zero ID attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_ICMP_LARGE
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
large ICMP packet attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_ICMP_PING_DEATH
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
ping of death attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP
System Log Message
attack-name source: source-address, destination: destination-address, protocol-id: protocol-id, zone name: source-zone-name, interface name: interface-name
Description
IP attack category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_BAD_OPT
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP bad option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_FRAG
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP fragment attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_LAND
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP land attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_FILTER_ROUTE
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP source route option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_LSR
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP loose source route option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_RECORD
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP record route option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_SCHT
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP security option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_SSR
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP strict source route option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_STREAM
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP stream option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_OPT_TIMESTAMP
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP timestamp option attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_SPOOFING
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP spoofing attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_SWEEP
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
IP sweeping attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_IP_UNKNOWN_PROT
System Log Message
source: source-address, destination: destination-address, protocol-id: protocol-idzone name: filter-name, interface name: interface-name
Description
IP unknown protocol attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_MAL_URL
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, protocol-id: protocol-idzone name: filter-name, interface name: interface-name
Description
malicious URL attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_OVER_SESSION_DST
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
session from the same destination address exceeds the threshold
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_OVER_SESSION_SRC
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
session from the same source address exceeds the threshold
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_PORT_SCAN
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
port scan attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_SESSION_LIMIT
System Log Message
attack-name message: ip-address, zone name: source-zone-name, interface name: interface-name
Description
Session limit category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_SYN_ACK_ACK
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, zone name: filter-name, interface name: interface-name
Description
SYN-ACK-ACK attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP
System Log Message
attack-name source: source-address:source-port, destination: destination-address:destination-port, zone name: source-zone-name, interface name: interface-name
Description
TCP attack category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_DST_IP
System Log Message
attack-name destination: destination-address, zone name: source-zone-name, interface name: interface-name
Description
TCP destination IP attack category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_FIN_NO_ACK
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, zone name: filter-name, interface name: interface-name
Description
TCP FIN without ACK flag attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_FRAG
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, zone name: filter-name, interface name: interface-name
Description
TCP fragment attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_NO_FLAG
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, zone name: filter-name, interface name: interface-name
Description
TCP no flag attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_SRC_IP
System Log Message
attack-name source: source-address, zone name: source-zone-name, interface name: interface-name
Description
TCP source IP attack category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_SYN_FIN
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, zone name: filter-name, interface name: interface-name
Description
TCP SYN-FIN flag attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TCP_SYN_FLOOD
System Log Message
source: source-address-source-port, destination: destination-address-destination-port, zone name: filter-name, interface name: interface-name
Description
TCP SYN flood attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_TEAR_DROP
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
tear drop attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_UDP
System Log Message
attack-name source: source-address:source-port, destination: destination-address:destination-port, zone name: source-zone-name, interface name: interface-name
Description
UDP attack category
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_UDP_FLOOD
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
UDP flood attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SCREEN_WINNUKE
System Log Message
source: source-address, destination: destination-address, zone name: filter-name, interface name: interface-name
Description
winnuke attack
Type
Event: This message reports an event, not an error
Severity
error
RT_SIP_CALL_LIMIT_EXCEED
System Log Message
Exceed maximum call
Description
The maximum SIP call limit has been exceeded.
Type
Error: An error occurred
Severity
error
RT_SIP_DECODE_FAIL
System Log Message
Failed to decode SIP packet error-message
Description
Failed to decode incoming SIP packet.
Type
Error: An error occurred
Severity
error
RT_SIP_INIT_EP_FAIL
System Log Message
The SIP stack failed to create an endpoint with the configuration
Description
Failed to initialize SIP endpoint.
Type
Error: An error occurred
Severity
error
RT_SIP_INIT_LISTENER_FAIL
System Log Message
The SIP stack failed endpoint failed to create a dummy listener
Description
Failed to initialize SIP transport listener.
Type
Error: An error occurred
Severity
error
RT_SIP_MEM_ALLOC_FAILED
System Log Message
Failed to allocate memory for object-name
Description
Failed to allocate memory from the memory pool.
Type
Error: An error occurred
Severity
error
RT_SIP_REG_NAT_VEC_FAIL
System Log Message
Failed to add SIP ALG vector to flow module
Description
Failed to register SIP ALG vector with the flow module.
Type
Error: An error occurred
Severity
error
RT_SIP_REG_RM_FAIL
System Log Message
Failed to register SIP ALG with the Resource Manager
Description
Failed to register the SIP ALG Resource Manager client.
Type
Error: An error occurred
Severity
error
RT_SIP_REM_NAT_VEC_FAIL
System Log Message
Failed to remove SIP ALG vector from flow module
Description
Failed to remove the SIP ALG vector from the flow module.
Type
Error: An error occurred
Severity
error
RT_SIP_UNREG_BY_RM
System Log Message
SIP client has been unregistered by RM
Description
The Resource Manager has notified SIP that a client has been unregistered.
Type
Error: An error occurred
Severity
error
RT_SOURCE_NAT_ALARM_CLEAR
System Log Message
Utilization of source nat pool 'nat-pool-name' hits clear threshold 'threshold%%'
Description
Utilization of source NAT pool reaches the alarm clear threshold.
Type
Error: An error occurred
Severity
error
RT_SOURCE_NAT_ALARM_RAISE
System Log Message
Utilization of source nat pool 'nat-pool-name' hits raise threshold 'threshold%%'
Description
Utilization of source NAT pool reaches the alarm raise threshold.
Type
Error: An error occurred
Severity
error
RT_SRC_NAT_ALARM_CLEAR
System Log Message
Utilization of source nat pool 'nat-pool-name' hits clear threshold 'threshold%%'
Description
Utilization of source NAT pool reaches the alarm clear threshold.
Type
Error: An error occurred
Severity
error
RT_SRC_NAT_ALARM_RAISE
System Log Message
Utilization of source nat pool 'nat-pool-name' hits raise threshold 'threshold%%'
Description
Utilization of source NAT pool reaches the alarm raise threshold.
Type
Error: An error occurred
Severity
error
