Cisco Security Appliance System Log Messages, Version 7.2
Index


Symbols

% 94

Numerics

4GE SSM 44 to 54

A

AAA

authentication 37, 38, 39, 359

authorization 29

messages 24, 25, 26, 27, 28, 29, 30, 36, 37, 38, 39, 40, 137, 138, 151, 194, 220

server 30, 39, 137, 138, 194, 219, 358, 359

ABR

without backbone area 96

access denied

URL 84

access-list command 14, 20, 83, 350

deny-flow-max option 20

interval option 20

log option 19

omitting 28

to permit traffic on UDP port 53 14, 20, 83, 350

access-list deny-flow-max command 20

access lists

See ACLs

access permitted 226

access requested 226

ACLs

ACL_ID 312

compilation out of memory 18

configuration error 28

crypto map 131, 239

deny 83

deny-flows 20

empty ACL downloaded 28

failed check 29

logging matches 19

no ACL configured 272

packet denied 18

parsing error 28

peer context ID 350

peer IP address not set 350

proxy ID mismatch 272

SoftNP error 352, 353

split tunneling policy 253

unsupported format 40

WebVPN

ACL ID not found 358

parse error 304, 305, 358

user authorization failure 358

ActiveX object, filtering 181

address translation slots 142

no more available 62, 141, 142

address translation slots, no more available 62

area border router

See ABR

ARP packet mismatch 141

ARP poisoning attack 141

ARP spoofing attack 101

asymmetric routing 17

attacks

ARP poisoning 141

ARP spoofing 101

DNS HINFO request 127

DNS request for all records 128

DNS zone transfer 128

DNS zone transfer from high port 128

DoS 20, 27, 63, 141, 146

fragmented ICMP traffic 127

IP fragment 127

IP fragments overlap 127

IP impossible packet 127

IP routing table 20, 21

land 16

large ICMP traffic 127

man in the middle 99

ping of death 127

proxied RPC request 128

spoofing 16, 17, 101, 142

statd buffer overflow 128

suspicious e-mail address pattern 22

SYN 58

TCP FIN only flags 127

TCP NULL flags 127

TCP SYN+FIN flags 127

UDP bomb 127

UDP chargen DoS 127

UDP snork 127

Authen Session End 26

authentication

failed 25

request 194

request succeeds 25

response 194

server not found 25

Auth from IP address/port to IP address/port failed 24

authorization

command 204

user 205

user denied 26

Auth start for user 24

Auto Update URL unreachable 212

B

backup server list

downloaded 208

error 209

bandwidth

reported as zero 213

bridge table

full 155

broadcast, invalid source address 16

bufferwraps

save to Flash 6

save to internal Flash 14

send to FTP server 14

built H245 connection 76

C

cannot specify PAT host 15

class

filtering messages by 16

message class variables 16

types 16

clear command

local-host option 146

clearing configuration settings 22

conduit command

permit ICMP option 15

config command 34

configuration 17

clearing settings 22

erase 34

replication

beginning 225

failed 224

status changed 155

configure command 34

connection limit exceeded 57, 58, 227

connection message 13, 14, 76

CTIQBE

connection object pre-allocation 216

unsupported version 216

D

deny

inbound from outside 14

inbound ICMP 15

inbound UDP 13

inbound UDP due to query/response 14

IP from address to address 15

IP spoof 16

self route 14

TCP (no connection) 15

detecting use of Internet phone 76

device ID, including in messages 19

device pass through

disabled 211

enabled 211

disabling messages, specific message IDs 21

DNS HINFO request attack 127

DNS query or response is denied 14

DNS request for all records attack 128

DNS server too slow 14

DNS zone transfer attack 128

DNS zone transfer from high port attack 128

DoS attack 20, 27, 63, 146

dropping echo request 15

E

Easy VPN Remote

backup server list

downloaded 208

error 209

device pass through

disabled 211

enabled 211

load balancing cluster

disconnected 209

redirected 209

split network entry duplicate 211

SUA

disabled 210, 211

enabled 209

user authentication

disabled 210

enabled 210

XAUTH enabled 211

EMBLEM format, using in logs 20

embryonic limit exceeded 58

F

facility

setting 9

failover

bad cable 2

block allocation failed 8

cable communication failed 8

cable not connected 2

cable status 2

configuration replication 8

configuration replication failed 226

continuous failovers 10

failed network interface 4

failover active command 367

failover command message dropped 9

incompatible software on mate 11

interface link down 11

LAN interface down 9

license mismatch with mate 12

link status up or down 7

lost communications with mate 6

mate card configuration mismatch 12

mate has different chassis 12

mate may be disabled 10

operational mode mismatch with mate 11

peer failure 4

peer LAN link down 9

power failure 2

primary unit failure 5

replication interrupted 10

show failover command 372

standby unit failed to sync 8

stateful error 64

stateful failover 64, 65, 66

VPN failover

buffer error 364

client being disabled 362

CTCP flow handle error 369

failed to allocate chunk 362

failed to initialize 360

failed to receive message from active unit 372

memory allocation error 363

non-block message not sent 365

registration failure 362

SDI node secret file failed to synchronize 373

standby unit received corrupted message from active unit 370

state update message failure 370

timer error 364

trustpoint certification failure 363

trustpoint name not found 365

unable to add to message queue 369

version control block failure 362

failover command 5, 6, 9

active option 4, 367

failover messages 1, 3, 5, 7, 225

filter allow command 86

filter command

activex option 181

allow option 86

filtering ActiveX objects 181

fixup protocol SMTP command 21

Flood Defender 220

floodguard command 26

format of messages 23

fragmented ICMP traffic attack 127

FTP

data connection failed 58

messages 84, 85, 86

H

H.225 143

H.245 76

H.245 connection

foreign address 76

H.323 77

back-connection, preallocated 77

unsupported packet version 224

hello packet with duplicate router ID 150

hostile event 17, 130, 131, 138

firewall circumvented 17

host limit 146

host move 155

HTTPS process limit 29

I

ICMP

packet denied 15

translation creation failed 88

IDB initialization 97

inbound TCP connection denied 13

insufficient memory 62, 142

error caused by 62, 141

interface

PPP virtual 70

virtual 70

zero bandwidth 213

Internet phone, detecting use of 76

invalid character replaced in e-mail address 21

invalid source addresses 16

IP address

DHCP client 196

DHCP server 196

IP fragment attack 127

IP fragments overlap attack 127

IP impossible packet attack 127

IP route counter decrement failure 147

IP routing table

attack 20, 21

creation error 95

limit exceeded 96

limit warning 96

OSPF inconsistency 97

IPSec

connection entries 247

connections 36, 37, 38, 39, 40, 327

failure 326

L2TP-over-IPSec 248

cTCP tunnel 376

encryption 287

fragmentation policy ignored 263

invalid packet 130

L2TP-over-IPSec connection 248

negotiation 239

over TCP 295

over UDP 257, 295

packet 130, 131

packet missing 130

packet triggered IKE 237

proposal

SA 299

unsupported 299

protocol 231

proxy mismatch 83

rekeying duration 241, 242

request rejected 247

SA 238, 244, 245, 248, 287, 289, 297

proposal 298, 299

tunnels 36, 94, 237, 238, 262, 325, 326, 344

ip verify reverse-path command 17, 18

L

L2TP

tunnel 195

land attack 16

large ICMP traffic attack 127

Leaving ALLOW mode, URL Server 86

link state advertisement

See LSA

link status 'Up' or 'Down' 7

load balancing cluster

disconnected 209

redirected 209

log bufferwraps

save to internal Flash 14

send to FTP server 14

logging

class

filtering messages by 16

types 16

device-id, including in system messages 19

email

configuring as output destination 9

destination address 10

source address 10

EMBLEM format 20

facility option 9

filtering

by message list 17

by severity level 6

filtering messages

by message class 16

logging queue, configuring 19

output destinations

ASDM 10

email address 9, 10

internal buffer 6

syslog server 8

Telnet or SSH session 6

queue

changing the size of 19

configuring 19

viewing queue statistics 19

severity level

changing 21

timestamp, including 19

logging queue

configuring 19

log output destinations

ASDM 10

email address 9

internal buffer 6

syslog server 6

Telnet or SSH session 6

loopback network, invalid source address 16

lost failover communications with mate 6

low memory 95

failed operation 95

LSA

default with wrong mask 149

invalid type 149

not found 97

M

MAC address mismatch 142

man in the middle attack 99

memory

block depleted 8

corruption 212

insufficient 62, 142

leak 97

low 95

message block alloc failed 8

message classes

about 16

list of 16

message list

creating 17

filtering by 17

messages

alert log 21

component descriptions 23

connection-related 14, 57, 58, 76

format of 23

FTP??to 86

Mail Guard 21

severity levels 23

list of 23

SNMP 67

SSH 94

stateful failover 64, 65, 66

variables used in 23, 24

message severity levels

list of 23

MIBs 1

Microsoft Point-to-Point Encryption

See MPPE

module management 34

monitoring

SNMP 1

MPPE

encryption policy setup 137, 138

MS-CHAP 137

authentication 137

N

nat command 86

no associated connection within connection table 15

no authentication server found 25

no translation group found 86

O

OSPF

ABR without backbone area 96

checksum error 212

configuration change 213

database description from unknown neighbor 148

database request from unknown neighbor 148

hello from unknown neighbor 148

hello packet with duplicate router ID 150

IDB initialization 97

invalid packet 148

IP routing table inconsistency 97

LSA

default with wrong mask 149

invalid type 149

not found 97

neighbor state changed 184

network range area changed 213

packet of invalid length 149

process reset 98

router ID allocation failure 150

router-id reset 98

virtual links 98

outbound deny command 13

out of address translation slots! 62

output destinations 6

e-mail address 6, 9

internal buffer 6

SNMP management station 6

specifying 9

syslog server 6, 8

Telnet or SSH session 6

viewing logs 7

P

packet

denied 13, 14, 15, 18

integrity check 15

not matched outbound NAT rules 86

PAT

address 62, 141, 142

global address 15

host unspecified 15

ping of death attack 127

power failure, failover 2

PPP virtual interface 70

PPTP

packet out of sequence 194

tunnel 70, 195

XGRE packet 136

preallocate H323 UDP back connection 77

privilege level, changed 183

proxied RPC request attack 128

Q

queue, logging

changing the size of 19

viewing statistics 19

R

RADIUS authentication 137

RCMD, back connection failed 59

rebuilt TCP connection 77

reload command 34, 54

request discarded 227

router ID allocation failure 150

router-ID reset 98

rsh command 59

S

security

breach 15

context

added 184

context cannot be determined 18, 19

removed 185

parameters index

See SPI

self route 14

SETUP message 143

Severity level 1

ASA-1-199010 57

Severity level 2

ASA-2-716506 318

ASA-2-716525 321

ASA-2-716526 321

ASA-2-716527 322

Severity level 4

ASA-4-713255 281

severity levels, of system messages

changing 6

definition 24

filtering by 6

list of 24

Severity level 6

ASA-6-106102 20

show command

blocks option 8

failover option 66, 372

local-host option 146

outbound option 13

static option 57, 58

version option 146

show static command 57

shuns 129

SIP connection 199

skinny connection 201

SMTP 21

SNMP

management station 6

MIBs 1

overview 1

traps 2

SPI 130

split network entry duplicate 211

spoofing attack 16, 17, 142

SSH 94

SSM 4GE 44 to 54

statd buffer overflow attack 128

stateful failover 64, 65, 66

SUA

disabled 210

enabled 209

SYN 15

attack 58

flag 15

syslog server

as output destination 8

designating 8

designating more than one 8

EMBLEM format

configuring 20

enabling 8

system messages

classes of 16

list of classes 16

configuring in groups

by message list 17

by severity level 6

creating lists of 15

device ID, including 19

disabling logging of 6

filtering

by message class 15

managing in groups

by message class 16

creating a message list 15

output destinations 6

email address 9

internal buffer 6

syslog message server 6

Telnet or SSH session 6

severity levels 24

changing the severity level of a message 6

timestamp, including 19

T

TCP

access permitted 226

access requested 226

connection limit exceeded 227

connections 226

incorrect header length 181

no associated connection in table 15

request discarded 227

translation creation failed 88

TCP FIN only flags attack 127

TCP NULL flags attack 127

TCP SYN+FIN flags attack 127

testing

interface 7

timeouts, recommended values 146

timeout uauth command 26

timestamp, including in system messages 19

too many connections on static 57

traps, SNMP 2

tunnel, PPTP 70

U

UDP

access permitted 226

bomb attack 127

chargen DoS attack 127

connections 226

messages 87

packet 14

request discarded 227

snork attack 127

translation creation failed 88

URL

buffer block space 86

filtering, disabled 86

Server 85

user authentication

disabled 210

enabled 210

error 28

user logged out 206

username

created 183

deleted 183

V

variables

in messages 23, 24

list of 24

viewing logs 7

virtual interface 70

virtual links 98

vpdn group command 137

VPN

peer limit 94

tunnel 94

VPN failover

client being disabled 362

CTCP flow handle error 369

failed to allocate chunk 362

failed to initialize 360

failed to receive message from active unit 372

memory allocation error 363

non-block message not sent 365

registration failure 362

SDI node secret file failed to synchronize 373

standby unit received corrupted message from active unit 370

state update message failure 370

timer error 364

trustpoint certification failure 363

trustpoint name not found 365

unable to add to message queue 369

version control block failure 362

W

web requests, unfiltered 86

Websense server 85

write command 34

erase option 34

standby command 66

standby option 65

write erase command 34

X

XAUTH enabled 211

XGRE, packet with invalid protocol field 136