IDP System Log Messages

This chapter describes messages with the IDP prefix. They are generated by the Intrusion Detection and Prevention (IDP) process, which enforces various attack detection and prevention techniques on network traffic.

IDP_APPDDOS_APP_ATTACK_EVENT

System Log Message

DDOS Attack at timestamp on ddos-application-name, <source-zone-name:source-interface-name:source-address:source-port->destination-zone-name:destination-interface-name:destination-address:destination-port> for protocol-name protocol and service service-name by rule rule-name of rulebase rulebase-name in policy policy-name. attack: repeats repeat-count action action severity severity, connection-hit-rate connection-hit-rate, context-name context-name, hit-rate context-hit-rate, value-hit-rate context-value-hit-rate time-scope time-scope time-count time-count time-period time-period secs, context value: context-value

Description

The application-level distributed denial-of-service (AppDDoS) attack occurred when the number of client transactions exceeded the user-configured connection, context, and time binding thresholds.

Type

Event: This message reports an event, not an error

Severity

info

Facility

LOG_PFE

IDP_APPDDOS_APP_STATE_EVENT

System Log Message

DDOS Application threshold crossed at timestamp on ddos-application-name, <destination-zone-name:destination-interface-name:destination-address:destination-port> for protocol-name protocol and service service-name in rule rule-name of rulebase rulebase-name in policy policy-name. repeats repeat-count message: message context-value: context-value

Description

The application-level distributed denial-of-service (AppDDoS) state transition occurred when the number of application transactions exceeded the user-configured connection or context thresholds.

Type

Event: This message reports an event, not an error

Severity

info

Facility

LOG_PFE

IDP_ATTACK_LOG_EVENT

System Log Message

IDP: at timestamp, message-type Attack log <source-address:source-port->destination-address:destination-port> for protocol-name protocol and service service-name application application-name by rule rule-name of rulebase rulebase-name in policy policy-name. attack: repeat=repeat-count, action=action, severity=severity, name=attack-name, NAT <nat-source-address:nat-source-port->nat-destination-address:nat-destination-port>, time-elapsed=elapsed-time, inbytes=inbound-bytes, outbytes=outbound-bytes, inpackets=inbound-packets, outpackets=outbound-packets, intf:source-zone-name:source-interface-name->destination-zone-name:destination-interface-name, packet-log-id: packet-log-id and misc-message message

Description

An IDP attack log was generated for an attack.

Type

Event: This message reports an event, not an error

Severity

info

Facility

LOG_PFE
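A parser for the IDP_ATTACK_LOG_EVENT template above, as an added example that is not part of the original reference or vendor code. The regular expression follows the field order of the template on this page; the sample line is constructed by substituting made-up values into that template, and the counters are assumed to be integers.

```python
import re

# Field order and separators follow the IDP_ATTACK_LOG_EVENT template on this page.
ATTACK_RE = re.compile(
    r"IDP: at (?P<timestamp>[^,]+), (?P<message_type>\S+) Attack log "
    r"<(?P<src>.+?)->(?P<dst>.+?)> for (?P<protocol>\S+) protocol "
    r"and service (?P<service>.+?) application (?P<application>.+?) "
    r"by rule (?P<rule>.+?) of rulebase (?P<rulebase>.+?) "
    r"in policy (?P<policy>.+?)\. attack: repeat=(?P<repeat>\d+), "
    r"action=(?P<action>[^,]+), severity=(?P<severity>[^,]+), "
    r"name=(?P<attack_name>.+?), NAT <(?P<nat_src>.+?)->(?P<nat_dst>.+?)>, "
    r"time-elapsed=(?P<elapsed>\d+), inbytes=(?P<inbytes>\d+), "
    r"outbytes=(?P<outbytes>\d+), inpackets=(?P<inpackets>\d+), "
    r"outpackets=(?P<outpackets>\d+), "
    r"intf:(?P<src_zone>[^:]+):(?P<src_if>.+?)->"
    r"(?P<dst_zone>[^:]+):(?P<dst_if>[^,]+), "
    r"packet-log-id: (?P<packet_log_id>\S+) and misc-message (?P<misc>.*)"
)
COUNTERS = ("repeat", "elapsed", "inbytes", "outbytes", "inpackets", "outpackets")
ENDPOINTS = ("src", "dst", "nat_src", "nat_dst")

def split_endpoint(value):
    """Split 'address:port' on the last colon so IPv6 addresses survive."""
    addr, _, port = value.rpartition(":")
    return addr, int(port)

def parse_attack_log(line):
    """Return a dict of typed fields, or None if the line does not match."""
    m = ATTACK_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    try:
        for key in COUNTERS:
            ev[key] = int(ev[key])
        for key in ENDPOINTS:
            ev[key] = split_endpoint(ev[key])
    except ValueError:  # non-numeric port or counter: treat as unparseable
        return None
    return ev

# Constructed sample line (documentation address ranges, made-up attack name).
SAMPLE = (
    "IDP: at 1700000000, SIG Attack log <192.0.2.10:51514->198.51.100.20:80> "
    "for TCP protocol and service HTTP application NONE by rule 3 of rulebase IPS "
    "in policy Recommended. attack: repeat=0, action=DROP, severity=HIGH, "
    "name=EXAMPLE:CONSTRUCTED-SIG, NAT <0.0.0.0:0->0.0.0.0:0>, time-elapsed=0, "
    "inbytes=412, outbytes=0, inpackets=3, outpackets=0, "
    "intf:untrust:ge-0/0/0.0->trust:ge-0/0/1.0, packet-log-id: 0 and misc-message -"
)
```

Lines that do not fit the template, such as an IDP_SESSION_LOG_EVENT line with the same `IDP: at` prefix, return None and should be routed to their own parser rather than dropped.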

IDP_COMMIT_COMPLETED

System Log Message

IDP policy commit is complete.

Description

The IDP policy commit has completed. The policy compile and load, however, may have either succeeded or failed.

Type

Event: This message reports an event, not an error

Severity

notice

Facility

LOG_AUTH

IDP_COMMIT_FAILED

System Log Message

IDP policy commit failed. Exiting from compilation.

Description

An error occurred while trying to commit the active policy in IDPD. The device will continue running the current IDP policy.

Type

Error: An error occurred

Severity

error

Facility

LOG_AUTH

IDP_DAEMON_INIT_FAILED

System Log Message

Aborting...A failure was encountered;error-message

Description

An attempt to start the IDP policy daemon failed because an error was encountered during initialization.

Type

Error: An error occurred

Severity

error

Facility

LOG_AUTH

IDP_INTERNAL_ERROR

System Log Message

Encountered an error(error-message)

Description

The IDP daemon encountered an internal error.

Type

Error: An error occurred

Severity

error

Facility

LOG_AUTH

IDP_POLICY_COMPILATION_FAILED

System Log Message

IDP compilation of policy[idp-policy] failed : [reason]

Description

The IDP policy compiler encountered an error while compiling or packaging the policy. The device will continue running the existing IDP policy.

Type

Event: This message reports an event, not an error

Severity

error

Facility

LOG_AUTH

IDP_POLICY_LOAD_FAILED

System Log Message

IDP policy loading failed ;policy[idp-policy], detector[idp-detector] ,failure detail[reason]

Description

A compiled and optimized IDP policy could not be loaded into the IDP engine. The device will continue running the existing IDP policy.

Type

Error: An error occurred

Severity

error

Facility

LOG_AUTH

IDP_POLICY_LOAD_SUCCEEDED

System Log Message

IDP policy[idp-policy] and detector[idp-detector] loaded successfully(message).

Description

A compiled and optimized IDP policy was loaded successfully into the IDP engine. All subsequent sessions will be processed as per this new IDP policy.

Type

Event: This message reports an event, not an error

Severity

notice

Facility

LOG_AUTH

IDP_POLICY_UNLOAD_FAILED

System Log Message

Failed to unload IDP policy. reason: reason.

Description

A running IDP policy could not be unloaded from the IDP engine. The device will continue running the IDP policy.

Type

Error: An error occurred

Severity

error

Facility

LOG_AUTH

IDP_POLICY_UNLOAD_SUCCEEDED

System Log Message

IDP policy unloaded successfully.

Description

A running IDP policy was unloaded successfully from the IDP engine.

Type

Event: This message reports an event, not an error

Severity

notice

Facility

LOG_AUTH

IDP_SCHEDULEDUPDATE_START_FAILED

System Log Message

Failed to start scheduled update(error:error-message)

Description

The scheduled IDP security package update failed to start. The device will try again at the next scheduled time.

Type

Error: An error occurred

Severity

error

Facility

LOG_AUTH

IDP_SCHEDULED_UPDATE_STARTED

System Log Message

Scheduled update has started(at timestamp)

Description

The scheduled IDP security package update has started.

Type

Event: This message reports an event, not an error

Severity

notice

Facility

LOG_AUTH

IDP_SECURITY_INSTALL_RESULT

System Log Message

security package install result(status)

Description

The IDP background process has returned the security package install result.

Type

Event: This message reports an event, not an error

Severity

notice

Facility

LOG_AUTH

IDP_SESSION_LOG_EVENT

System Log Message

IDP: at timestamp, event-name.

Description

An IDP session threshold crossing event occurred.

Type

Event: This message reports an event, not an error

Severity

info

Facility

LOG_PFE

IDP_SIGNATURE_LICENSE_EXPIRED

System Log Message

IDP Signagure update license(ID=feature-id) has expired

Description

The IDP signature update license key has expired. Signature updates may no longer work.

Type

Event: This message reports an event, not an error

Severity

warning

Facility

LOG_AUTH