COMMON.APP_FAILURE
|
Sent when
there is an unknown application failure.
|
Critical
|
COMMON.KEY_EXPIRED_ALERT
|
Sent when a
feature key has expired.
|
Warning
|
COMMON.KEY_EXPIRING_ALERT
|
Sent when a
feature key is about to expire.
|
Warning
|
COMMON.KEY_FINAL_EXPIRING_ALERT
|
Sent as a
final notice that a feature key is about to expire.
|
Warning
|
DNS.BOOTSTRAP_FAILED
|
Sent when the
appliance is unable to contact the root DNS servers.
|
Warning
|
COMMON.INVALID_FILTER
|
Sent when an
invalid filter is encountered.
|
Warning
|
IPBLOCKD.HOST_ADDED_TO_ALLOWED LIST
IPBLOCKD.HOST_ADDED_TO_BLOCKED LIST
IPBLOCKD.HOST_REMOVED_FROM_BLOCKED LIST
|
Alert
messages:
- The host at <IP address> has been added to the blocked list because of an SSH DOS attack.
- The host at <IP address> has been permanently added to the ssh allowed list.
- The host at <IP address> has been removed from the blocked list.
IP addresses that try to connect to the appliance over SSH but do not provide valid credentials are added to the SSH blocked
list if more than 10 failed attempts occur within two minutes.
When a user logs in successfully from the same IP address, that IP address is added to the allowed list.
Addresses on the allowed list are allowed access even if they are also on the blocked list.
|
Warning
|
LDAP.GROUP_QUERY_FAILED_ALERT
|
Sent when an
LDAP group query fails.
|
Critical
|
LDAP.HARD_ERROR
|
Sent when an
LDAP query fails completely (after trying all servers).
|
Critical
|
LOG.ERROR.*
|
Various
logging errors.
|
Critical
|
MAIL.PERRCPT.LDAP_GROUP_QUERY_FAILED
|
Sent when an
LDAP group query fails during per-recipient scanning.
|
Critical
|
MAIL.QUEUE.ERROR.*
|
Various mail
queue hard errors.
|
Critical
|
MAIL.RES_CON_START_ALERT.MEMORY
|
Sent when RAM
utilization has exceeded the system resource conservation threshold.
|
Critical
|
MAIL.RES_CON_START_ALERT.QUEUE_SLOW
|
Sent when
the mail queue is overloaded and system resource conservation is enabled.
|
Critical
|
MAIL.RES_CON_START_ALERT.QUEUE
|
Sent when
queue utilization has exceeded the system resource conservation threshold.
|
Critical
|
MAIL.RES_CON_START_ALERT.WORKQ
|
Sent when
listeners are suspended because the work queue size is too big.
|
Critical
|
MAIL.RES_CON_START_ALERT
|
Sent when
the appliance enters “resource conservation” mode.
|
Critical
|
MAIL.RES_CON_STOP_ALERT
|
Sent when
the appliance leaves “resource conservation” mode.
|
Critical
|
MAIL.WORK_QUEUE_PAUSED_NATURAL
|
Sent when
the work queue is paused.
|
Critical
|
MAIL.WORK_QUEUE_UNPAUSED_NATURAL
|
Sent when
the work queue is resumed.
|
Critical
|
NTP.NOT_ROOT
|
Sent when
the appliance is unable to adjust time because NTP is not running as root.
|
Warning
|
PERIODIC_REPORTS.DOMAIN_REPORT. DOMAIN_FILE_ERRORS
|
Sent when
errors are found in the domain specification file.
|
Critical
|
PERIODIC_REPORTS.DOMAIN_REPORT.FILE_EMPTY
|
Sent when
the domain specification file is empty.
|
Critical
|
PERIODIC_REPORTS.DOMAIN_REPORT.FILE_MISSING
|
Sent when
the domain specification file is not found.
|
Critical
|
REPORTD.DATABASE_OPEN_FAILED_ALERT
|
Sent if the
reporting engine is unable to open the database.
|
Critical
|
REPORTD.AGGREGATION_DISABLED_ALERT
|
Sent if the
system runs out of disk space. When the disk usage for a log entry exceeds the
log usage threshold, reportd disables aggregation and sends the alert.
|
Warning
|
REPORTING.CLIENT.UPDATE_FAILED_ALERT
|
Sent if the
reporting engine was unable to save reporting data.
|
Warning
|
REPORTING.CLIENT.JOURNAL.FULL
|
Sent if the
reporting engine is unable to store new data.
|
Critical
|
REPORTING.CLIENT.JOURNAL.FREE
|
Sent when
the reporting engine is again able to store new data.
|
Information
|
PERIODIC_REPORTS.REPORT_TASK. BUILD_FAILURE_ALERT
|
Sent when
the reporting engine is unable to build a report.
|
Critical
|
PERIODIC_REPORTS.REPORT_TASK. EMAIL_FAILURE_ALERT
|
Sent when a
report could not be emailed.
|
Critical
|
PERIODIC_REPORTS.REPORT_TASK. ARCHIVE_FAILURE_ALERT
|
Sent when a
report could not be archived.
|
Critical
|
SENDERBASE.ERROR
|
Sent when
an error occurred while processing a response from SenderBase.
|
Information
|
SMAD.ICCM.ALERT_PUSH_FAILED
|
Sent if a
configuration push failed for one or more hosts.
|
Warning
|
SMAD.TRANSFER.TRANSFERS_STALLED
|
Sent if SMA
logs are unable to fetch tracking data for two hours or reporting data for six
hours.
|
Warning
|
SMTPAUTH.FWD_SERVER_FAILED_ALERT
|
Sent when
the SMTP Authentication forwarding server is unreachable.
|
Warning
|
SMTPAUTH.LDAP_QUERY_FAILED
|
Sent when
an LDAP query fails.
|
Warning
|
SYSTEM.HERMES_SHUTDOWN_FAILURE.
REBOOT
|
Sent when
there was a problem shutting down the system on reboot.
|
Warning
|
SYSTEM.HERMES_SHUTDOWN_FAILURE.
SHUTDOWN
|
Sent when
there was a problem shutting down the system.
|
Warning
|
SYSTEM.RCPTVALIDATION.UPDATE_FAILED
|
Sent when a
recipient validation update failed.
|
Critical
|
SYSTEM.SERVICE_TUNNEL.DISABLED
|
Sent when a
tunnel created for Cisco Support Services is disabled.
|
Information
|
SYSTEM.SERVICE_TUNNEL.ENABLED
|
Sent when a
tunnel created for Cisco Support Services is enabled.
|
Information
|