Messages Listed by Severity Level [Cisco PIX Firewall Software]

Table Of Contents

Messages Listed by Severity Level

Alert Messages, Severity 1

Critical Messages, Severity 2

Error Messages, Severity 3

Warning Messages, Severity 4

Notification Messages, Severity 5

Informational Messages, Severity 6

Debugging Messages, Severity 7

Messages Listed by Severity Level

Syslog messages severity levels are as follows:

•Alert Messages, Severity 1

•Critical Messages, Severity 2

•Error Messages, Severity 3

•Warning Messages, Severity 4

•Notification Messages, Severity 5

•Informational Messages, Severity 6

•Debugging Messages, Severity 7

Note PIX Firewall does not send severity 0, emergency messages to syslog. These are analogous to a UNIX panic message and denote an unstable system.

All messages are described in detail in Chapter 2, "System Log Messages."

Alert Messages, Severity 1

The following messages appear at severity 1, alerts:

•%PIX-1-101001: (Primary) Failover cable OK.

•%PIX-1-101002: (Primary) Bad failover cable.

•%PIX-1-101003: (Primary) Failover cable not connected (this unit).

•%PIX-1-101004: (Primary) Failover cable not connected (other unit).

•%PIX-1-101005: (Primary) Error reading failover cable status.

•%PIX-1-102001: (Primary) Power failure/System reload other side.

•%PIX-1-103001: (Primary) No response from other firewall.

•%PIX-1-103002: (Primary) Other firewall network interface interface_number OK.

•%PIX-1-103003: (Primary) Other firewall network interface interface_number failed.

•%PIX-1-103004: (Primary) Other firewall reports this firewall failed.

•%PIX-1-103005: (Primary) Other firewall reporting failure.

•%PIX-1-104001: (Primary) Switching to ACTIVE (cause: reason).

•%PIX-1-104002: (Primary) Switching to STNDBY.

•%PIX-1-104003: (Primary) Switching to FAILED.

•%PIX-1-104004: (Primary) Switching to OK.

•%PIX-1-105001: (Primary) Disabling failover.

•%PIX-1-105002: (Primary) Enabling failover.

•%PIX-1-105003: (Primary) Monitoring on interface interface_number waiting.

•%PIX-1-105004: (Primary) Monitoring on interface interface_number normal.

•%PIX-1-105005: (Primary) Lost failover communications with mate on interface interface_number.

•%PIX-1-105006: (Primary) Link status `Up' on interface interface_number.

•%PIX-1-105007: (Primary) Link status `Down' on interface interface_number.

•%PIX-1-105008: (Primary) Testing interface interface_number.

•%PIX-1-105009: (Primary) Testing interface interface_number result.

•%PIX-1-105020: (Primary) Incomplete/slow config replication

•%PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.

•%PIX-1-709004: (Primary) End Configuration Replication (ACT)

•%PIX-1-709005: (Primary) Beginning configuration replication: Receiving from mate.

•%PIX-1-709005: (Primary) Beginning configuration replication: Receiving from mate.

•%PIX-1-709006: (Primary) End Configuration Replication (STB)

Critical Messages, Severity 2

The following messages appear at severity 2, critical:

•%PIX-2-106001: Inbound TCP connection denied from IP_addr/port to IP_addr/port flags TCP_flags

•%PIX-2-106002: protocol Connection denied by outbound list list_ID src laddr lport dest faddr fport

•%PIX-2-106003: Connection denied src laddr dest faddr due to JAVA Applet.

•%PIX-2-106006: Deny inbound UDP from laddr/lport to faddr/fport

•%PIX-2-106007: Deny inbound UDP from faddr/fport to laddr/lport due to DNS flag.

•%PIX-2-106009: Translation for src_addr to dest_addr/dport denied by outbound (destination is denied) port

•%PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex.

•%PIX-2-106013: Dropping echo request from IP_addr to PAT address IP_addr

•%PIX-2-106016: Deny IP spoof from (IP_addr) to IP_addr

•%PIX-2-106017: Packet contains ActiveX content and has been modified src laddr dest to faddr

•%PIX-2-106018: ICMP packet type ICMP_type denied by outbound list list_ID src laddr dest faddr

•%PIX-2-108002: SMTP replaced chars: out src_addr in laddr data: chars

•%PIX-2-109011: Authen Session Start: user 'user', sid session_num

•%PIX-2-110003: No interface is configured (with nameif).

•%PIX-2-112001: (chars:dec) pix clear finished

•%PIX-2-201003: Embryonic limit exceeded neconns/elimit for faddr/fport (gaddr) laddr/lport

•%PIX-2-304007: URL Server IP_addr not responding, ENTERING ALLOW mode

•%PIX-2-304008: LEAVING ALLOW mode, URL Server is up

Error Messages, Severity 3

The following messages appear at severity 3, errors:

•%PIX-3-105010: (Primary) failover message block alloc failed

•%PIX-3-106010: Deny inbound from outside:IP_addr to inside:IP_addr chars.

•%PIX-3-106014: Deny inbound icmp src interface name: IP_addr dst interface name: IP_addr (type dec, code dec)

•%PIX-3-109010: Auth from laddr/lport to faddr/fport failed (too many pending auths)

•%PIX-3-109013: User must authenticate before using this service

•%PIX-3-110002: No ARP for host IP_addr

•%PIX-3-201001: Out of connections! dec/dec.

•%PIX-3-201002: Too many connections on static|xlate gaddr! econns nconns

•%PIX-3-201005: FTP data connection failed for IP_addr.

•%PIX-3-201006: RCMD backconnection failed for IP_addr/port.

•%PIX-3-201007: Unable to allocate new udp connections (faddr/fport-laddr/lport)

•%PIX-3-201008: The PIX is disallowing new connections.

•%PIX-3-202001: Out of address translation slots!

•%PIX-3-202002: getxlate failed int_name.

•%PIX-3-202003: Couldn't find xlate gaddr laddr dest_addr int_name.

•%PIX-3-202004: Couldn't find xlate gaddr laddr dest_addr int_name

•%PIX-3-208005: (chars:dec) pix clear command return return_code

•%PIX-3-209001: IPFRAG: Unable to allocate frag record for src_addr/src_port to dest_addr/dest_port

•%PIX-3-209002: IPFRAG: First Frag have not been seen source_host to dest_host

•%PIX-3-304003: URL Server IP_addr timed out URL string

•%PIX-3-305005: No translation group found for protocol

•%PIX-3-305006: type translation creation failed for protocol

•%PIX-3-309001: Denied manager connection from IP_addr.

Warning Messages, Severity 4

The only severity 4 message is as follows:

%PIX-4-308002: static gaddr1 laddr1 netmask mask1 overlapped with gaddr2 laddr2

Notification Messages, Severity 5

The following messages appear at severity 5, notifications:

•%PIX-5-109012: Authen Session End: user 'user', sid session_num, elapsed num_seconds seconds

•%PIX-5-111001: Begin configuration: IP_addr writing to device

•%PIX-5-111003: IP_addr erase configuration

•%PIX-5-111004: IP_addr end configuration: [FAILED]|[OK]

•%PIX-5-111005: IP_addr end configuration: OK

•%PIX-5-111006: Console login from user at IP_addr

•%PIX-5-111007: Begin configuration: IP_addr reading from device.

•%PIX-5-111008: User 'user' executed the 'command' command.

•%PIX-5-199001: PIX reload command executed from IP_addr.

•%PIX-5-304001: text IP_addr Accessed IP_addr:chars.

•%PIX-5-304002: Access denied URL chars SRC IP_addr DEST IP_addr: chars

Informational Messages, Severity 6

The following messages appear at severity 6, informational:

•%PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags.

•%PIX-6-109001: Auth start for user `username' from laddr/lport to faddr/fport

•%PIX-6-109002: Auth from IP_addr/port to IP_addr/port failed (server IP_addr failed)

•%PIX-6-109003: Auth from laddr/lport to faddr/fport failed (all servers failed)

•%PIX-6-109005: Authentication succeeded for user `user' from laddr/lport to faddr/fport.

•%PIX-6-109006: Authentication failed for user `user' from laddr/lport to faddr/fport.

•%PIX-6-109007: Authorization permitted for user `user' from laddr/lport to faddr/fport.

•%PIX-6-109008: Authorization denied for user `user' from laddr/lport to faddr/fport.

•%PIX-6-109009: Authorization denied from laddr/lport to faddr/fport (not authenticated)

•%PIX-6-199002: PIX startup completed. Beginning operation.

•%PIX-6-199003: Reducing link MTU dec.

•%PIX-6-199005: PIX Startup begin

•%PIX-6-302001: Built inbound TCP connection number for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port

•%PIX-6-302003: Built H245 connection for faddr IP_addr laddr IP_addr/port

•%PIX-6-302004: Pre-allocate H323 UDP backconnection for faddr IP_addr to laddr IP_addr/port

•%PIX-6-302005: Built UDP connection for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port

•%PIX-6-302006: Teardown UDP connection for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port

•%PIX-6-302009: Rebuilt TCP connection number for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port

•%PIX-6-302010: connections in use, connections most used

•%PIX-6-303002: IP_addr retrieved IP_addr:chars

•%PIX-6-304004: URL Server IP_addr request failed URL chars

•%PIX-6-305001: Portmapped translation built for gaddr IP_addr/port laddr IP_addr/port (chars)

•%PIX-6-305002: Translation built for gaddr IP_addr to IP_addr

•%PIX-6-305003: Teardown translation for global IP_addr local IP_addr

•%PIX-6-305004: Teardown portmap translation for global IP_addr/port local IP_addr/port

•%PIX-6-305007: text(): Orphan IP IP_addr on interface interface_number

•%PIX-6-307001: Denied Telnet login session from IP_addr.

•%PIX-6-307002: Permitted Telnet login session from IP_addr.

•%PIX-6-307003: telnet login session failed from IP_addr (3 attempts).

•%PIX-6-308001: PIX console enable password incorrect for 3 tries from IP_addr.

•%PIX-6-309002: Permitted manager connection from IP_addr.

Debugging Messages, Severity 7

The following messages appear at severity 7, debugging:

•%PIX-7-106011: Deny inbound (no xlate) chars

•%PIX-7-109014: uauth_lookup_net fail for uauth_in()

•%PIX-7-304005: URL Server IP_addr request pending URL chars

•%PIX-7-701001: alloc_user() out of Tcp_user objects

•%PIX-7-709001: (Primary) Rep CI ioctl (chars) return chars

•%PIX-7-709002: (Primary) Rep no replication chars


	Messages Listed by Severity Level
	Download this chapter Messages Listed by Severity Level Feedback Table Of Contents Messages Listed by Severity Level Alert Messages, Severity 1 Critical Messages, Severity 2 Error Messages, Severity 3 Warning Messages, Severity 4 Notification Messages, Severity 5 Informational Messages, Severity 6 Debugging Messages, Severity 7 Messages Listed by Severity Level Syslog messages severity levels are as follows: •Alert Messages, Severity 1 •Critical Messages, Severity 2 •Error Messages, Severity 3 •Warning Messages, Severity 4 •Notification Messages, Severity 5 •Informational Messages, Severity 6 •Debugging Messages, Severity 7 Note PIX Firewall does not send severity 0, emergency messages to syslog. These are analogous to a UNIX panic message and denote an unstable system. All messages are described in detail in Chapter 2, "System Log Messages." Alert Messages, Severity 1 The following messages appear at severity 1, alerts: •%PIX-1-101001: (Primary) Failover cable OK. •%PIX-1-101002: (Primary) Bad failover cable. •%PIX-1-101003: (Primary) Failover cable not connected (this unit). •%PIX-1-101004: (Primary) Failover cable not connected (other unit). •%PIX-1-101005: (Primary) Error reading failover cable status. •%PIX-1-102001: (Primary) Power failure/System reload other side. •%PIX-1-103001: (Primary) No response from other firewall. •%PIX-1-103002: (Primary) Other firewall network interface interface_number OK. •%PIX-1-103003: (Primary) Other firewall network interface interface_number failed. •%PIX-1-103004: (Primary) Other firewall reports this firewall failed. •%PIX-1-103005: (Primary) Other firewall reporting failure. •%PIX-1-104001: (Primary) Switching to ACTIVE (cause: reason). •%PIX-1-104002: (Primary) Switching to STNDBY. •%PIX-1-104003: (Primary) Switching to FAILED. •%PIX-1-104004: (Primary) Switching to OK. •%PIX-1-105001: (Primary) Disabling failover. •%PIX-1-105002: (Primary) Enabling failover. •%PIX-1-105003: (Primary) Monitoring on interface interface_number waiting. •%PIX-1-105004: (Primary) Monitoring on interface interface_number normal. •%PIX-1-105005: (Primary) Lost failover communications with mate on interface interface_number. •%PIX-1-105006: (Primary) Link status `Up' on interface interface_number. •%PIX-1-105007: (Primary) Link status `Down' on interface interface_number. •%PIX-1-105008: (Primary) Testing interface interface_number. •%PIX-1-105009: (Primary) Testing interface interface_number result. •%PIX-1-105020: (Primary) Incomplete/slow config replication •%PIX-1-709003: (Primary) Beginning configuration replication: Send to mate. •%PIX-1-709004: (Primary) End Configuration Replication (ACT) •%PIX-1-709005: (Primary) Beginning configuration replication: Receiving from mate. •%PIX-1-709005: (Primary) Beginning configuration replication: Receiving from mate. •%PIX-1-709006: (Primary) End Configuration Replication (STB) Critical Messages, Severity 2 The following messages appear at severity 2, critical: •%PIX-2-106001: Inbound TCP connection denied from IP_addr/port to IP_addr/port flags TCP_flags •%PIX-2-106002: protocol Connection denied by outbound list list_ID src laddr lport dest faddr fport •%PIX-2-106003: Connection denied src laddr dest faddr due to JAVA Applet. •%PIX-2-106006: Deny inbound UDP from laddr/lport to faddr/fport •%PIX-2-106007: Deny inbound UDP from faddr/fport to laddr/lport due to DNS flag. •%PIX-2-106009: Translation for src_addr to dest_addr/dport denied by outbound (destination is denied) port •%PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex. •%PIX-2-106013: Dropping echo request from IP_addr to PAT address IP_addr •%PIX-2-106016: Deny IP spoof from (IP_addr) to IP_addr •%PIX-2-106017: Packet contains ActiveX content and has been modified src laddr dest to faddr •%PIX-2-106018: ICMP packet type ICMP_type denied by outbound list list_ID src laddr dest faddr •%PIX-2-108002: SMTP replaced chars: out src_addr in laddr data: chars •%PIX-2-109011: Authen Session Start: user 'user', sid session_num •%PIX-2-110003: No interface is configured (with nameif). •%PIX-2-112001: (chars:dec) pix clear finished •%PIX-2-201003: Embryonic limit exceeded neconns/elimit for faddr/fport (gaddr) laddr/lport •%PIX-2-304007: URL Server IP_addr not responding, ENTERING ALLOW mode •%PIX-2-304008: LEAVING ALLOW mode, URL Server is up Error Messages, Severity 3 The following messages appear at severity 3, errors: •%PIX-3-105010: (Primary) failover message block alloc failed •%PIX-3-106010: Deny inbound from outside:IP_addr to inside:IP_addr chars. •%PIX-3-106014: Deny inbound icmp src interface name: IP_addr dst interface name: IP_addr (type dec, code dec) •%PIX-3-109010: Auth from laddr/lport to faddr/fport failed (too many pending auths) •%PIX-3-109013: User must authenticate before using this service •%PIX-3-110002: No ARP for host IP_addr •%PIX-3-201001: Out of connections! dec/dec. •%PIX-3-201002: Too many connections on static\|xlate gaddr! econns nconns •%PIX-3-201005: FTP data connection failed for IP_addr. •%PIX-3-201006: RCMD backconnection failed for IP_addr/port. •%PIX-3-201007: Unable to allocate new udp connections (faddr/fport-laddr/lport) •%PIX-3-201008: The PIX is disallowing new connections. •%PIX-3-202001: Out of address translation slots! •%PIX-3-202002: getxlate failed int_name. •%PIX-3-202003: Couldn't find xlate gaddr laddr dest_addr int_name. •%PIX-3-202004: Couldn't find xlate gaddr laddr dest_addr int_name •%PIX-3-208005: (chars:dec) pix clear command return return_code •%PIX-3-209001: IPFRAG: Unable to allocate frag record for src_addr/src_port to dest_addr/dest_port •%PIX-3-209002: IPFRAG: First Frag have not been seen source_host to dest_host •%PIX-3-304003: URL Server IP_addr timed out URL string •%PIX-3-305005: No translation group found for protocol •%PIX-3-305006: type translation creation failed for protocol •%PIX-3-309001: Denied manager connection from IP_addr. Warning Messages, Severity 4 The only severity 4 message is as follows: %PIX-4-308002: static gaddr1 laddr1 netmask mask1 overlapped with gaddr2 laddr2 Notification Messages, Severity 5 The following messages appear at severity 5, notifications: •%PIX-5-109012: Authen Session End: user 'user', sid session_num, elapsed num_seconds seconds •%PIX-5-111001: Begin configuration: IP_addr writing to device •%PIX-5-111003: IP_addr erase configuration •%PIX-5-111004: IP_addr end configuration: [FAILED]\|[OK] •%PIX-5-111005: IP_addr end configuration: OK •%PIX-5-111006: Console login from user at IP_addr •%PIX-5-111007: Begin configuration: IP_addr reading from device. •%PIX-5-111008: User 'user' executed the 'command' command. •%PIX-5-199001: PIX reload command executed from IP_addr. •%PIX-5-304001: text IP_addr Accessed IP_addr:chars. •%PIX-5-304002: Access denied URL chars SRC IP_addr DEST IP_addr: chars Informational Messages, Severity 6 The following messages appear at severity 6, informational: •%PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags. •%PIX-6-109001: Auth start for user `username' from laddr/lport to faddr/fport •%PIX-6-109002: Auth from IP_addr/port to IP_addr/port failed (server IP_addr failed) •%PIX-6-109003: Auth from laddr/lport to faddr/fport failed (all servers failed) •%PIX-6-109005: Authentication succeeded for user `user' from laddr/lport to faddr/fport. •%PIX-6-109006: Authentication failed for user `user' from laddr/lport to faddr/fport. •%PIX-6-109007: Authorization permitted for user `user' from laddr/lport to faddr/fport. •%PIX-6-109008: Authorization denied for user `user' from laddr/lport to faddr/fport. •%PIX-6-109009: Authorization denied from laddr/lport to faddr/fport (not authenticated) •%PIX-6-199002: PIX startup completed. Beginning operation. •%PIX-6-199003: Reducing link MTU dec. •%PIX-6-199005: PIX Startup begin •%PIX-6-302001: Built inbound TCP connection number for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port •%PIX-6-302003: Built H245 connection for faddr IP_addr laddr IP_addr/port •%PIX-6-302004: Pre-allocate H323 UDP backconnection for faddr IP_addr to laddr IP_addr/port •%PIX-6-302005: Built UDP connection for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port •%PIX-6-302006: Teardown UDP connection for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port •%PIX-6-302009: Rebuilt TCP connection number for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port •%PIX-6-302010: connections in use, connections most used •%PIX-6-303002: IP_addr retrieved IP_addr:chars •%PIX-6-304004: URL Server IP_addr request failed URL chars •%PIX-6-305001: Portmapped translation built for gaddr IP_addr/port laddr IP_addr/port (chars) •%PIX-6-305002: Translation built for gaddr IP_addr to IP_addr •%PIX-6-305003: Teardown translation for global IP_addr local IP_addr •%PIX-6-305004: Teardown portmap translation for global IP_addr/port local IP_addr/port •%PIX-6-305007: text(): Orphan IP IP_addr on interface interface_number •%PIX-6-307001: Denied Telnet login session from IP_addr. •%PIX-6-307002: Permitted Telnet login session from IP_addr. •%PIX-6-307003: telnet login session failed from IP_addr (3 attempts). •%PIX-6-308001: PIX console enable password incorrect for 3 tries from IP_addr. •%PIX-6-309002: Permitted manager connection from IP_addr. Debugging Messages, Severity 7 The following messages appear at severity 7, debugging: •%PIX-7-106011: Deny inbound (no xlate) chars •%PIX-7-109014: uauth_lookup_net fail for uauth_in() •%PIX-7-304005: URL Server IP_addr request pending URL chars •%PIX-7-701001: alloc_user() out of Tcp_user objects •%PIX-7-709001: (Primary) Rep CI ioctl (chars) return chars •%PIX-7-709002: (Primary) Rep no replication chars
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks