Messages Listed by Severity Level
Syslog message severity levels are as follows:
•Alert Messages, Severity 1
•Critical Messages, Severity 2
•Error Messages, Severity 3
•Warning Messages, Severity 4
•Notification Messages, Severity 5
•Informational Messages, Severity 6
•Debugging Messages, Severity 7
Note: PIX Firewall does not send severity 0 (emergency) messages to syslog. These are analogous to a UNIX panic message and denote an unstable system.
All messages are described in detail in Chapter 2, "System Log Messages."
Alert Messages, Severity 1
The following messages appear at severity 1, alerts:
•%PIX-1-101001: (Primary) Failover cable OK.
•%PIX-1-101002: (Primary) Bad failover cable.
•%PIX-1-101003: (Primary) Failover cable not connected (this unit).
•%PIX-1-101004: (Primary) Failover cable not connected (other unit).
•%PIX-1-101005: (Primary) Error reading failover cable status.
•%PIX-1-102001: (Primary) Power failure/System reload other side.
•%PIX-1-103001: (Primary) No response from other firewall.
•%PIX-1-103002: (Primary) Other firewall network interface interface_number OK.
•%PIX-1-103003: (Primary) Other firewall network interface interface_number failed.
•%PIX-1-103004: (Primary) Other firewall reports this firewall failed.
•%PIX-1-103005: (Primary) Other firewall reporting failure.
•%PIX-1-104001: (Primary) Switching to ACTIVE (cause: reason).
•%PIX-1-104002: (Primary) Switching to STNDBY.
•%PIX-1-104003: (Primary) Switching to FAILED.
•%PIX-1-104004: (Primary) Switching to OK.
•%PIX-1-105001: (Primary) Disabling failover.
•%PIX-1-105002: (Primary) Enabling failover.
•%PIX-1-105003: (Primary) Monitoring on interface interface_number waiting.
•%PIX-1-105004: (Primary) Monitoring on interface interface_number normal.
•%PIX-1-105005: (Primary) Lost failover communications with mate on interface interface_number.
•%PIX-1-105006: (Primary) Link status `Up' on interface interface_number.
•%PIX-1-105007: (Primary) Link status `Down' on interface interface_number.
•%PIX-1-105008: (Primary) Testing interface interface_number.
•%PIX-1-105009: (Primary) Testing interface interface_number result.
•%PIX-1-105020: (Primary) Incomplete/slow config replication
•%PIX-1-709003: (Primary) Beginning configuration replication: Send to mate.
•%PIX-1-709004: (Primary) End Configuration Replication (ACT)
•%PIX-1-709005: (Primary) Beginning configuration replication: Receiving from mate.
•%PIX-1-709006: (Primary) End Configuration Replication (STB)
Critical Messages, Severity 2
The following messages appear at severity 2, critical:
•%PIX-2-106001: Inbound TCP connection denied from IP_addr/port to IP_addr/port flags TCP_flags
•%PIX-2-106002: protocol Connection denied by outbound list list_ID src laddr lport dest faddr fport
•%PIX-2-106003: Connection denied src laddr dest faddr due to JAVA Applet.
•%PIX-2-106006: Deny inbound UDP from laddr/lport to faddr/fport
•%PIX-2-106007: Deny inbound UDP from faddr/fport to laddr/lport due to DNS flag.
•%PIX-2-106009: Translation for src_addr to dest_addr/dport denied by outbound (destination is denied) port
•%PIX-2-106012: Deny IP from IP_addr to IP_addr, IP options hex.
•%PIX-2-106013: Dropping echo request from IP_addr to PAT address IP_addr
•%PIX-2-106016: Deny IP spoof from (IP_addr) to IP_addr
•%PIX-2-106017: Packet contains ActiveX content and has been modified src laddr dest to faddr
•%PIX-2-106018: ICMP packet type ICMP_type denied by outbound list list_ID src laddr dest faddr
•%PIX-2-108002: SMTP replaced chars: out src_addr in laddr data: chars
•%PIX-2-109011: Authen Session Start: user 'user', sid session_num
•%PIX-2-110003: No interface is configured (with nameif).
•%PIX-2-112001: (chars:dec) pix clear finished
•%PIX-2-201003: Embryonic limit exceeded neconns/elimit for faddr/fport (gaddr) laddr/lport
•%PIX-2-304007: URL Server IP_addr not responding, ENTERING ALLOW mode
•%PIX-2-304008: LEAVING ALLOW mode, URL Server is up
Error Messages, Severity 3
The following messages appear at severity 3, errors:
•%PIX-3-105010: (Primary) failover message block alloc failed
•%PIX-3-106010: Deny inbound from outside:IP_addr to inside:IP_addr chars.
•%PIX-3-106014: Deny inbound icmp src interface name: IP_addr dst interface name: IP_addr (type dec, code dec)
•%PIX-3-109010: Auth from laddr/lport to faddr/fport failed (too many pending auths)
•%PIX-3-109013: User must authenticate before using this service
•%PIX-3-110002: No ARP for host IP_addr
•%PIX-3-201001: Out of connections! dec/dec.
•%PIX-3-201002: Too many connections on static|xlate gaddr! econns nconns
•%PIX-3-201005: FTP data connection failed for IP_addr.
•%PIX-3-201006: RCMD backconnection failed for IP_addr/port.
•%PIX-3-201007: Unable to allocate new udp connections (faddr/fport-laddr/lport)
•%PIX-3-201008: The PIX is disallowing new connections.
•%PIX-3-202001: Out of address translation slots!
•%PIX-3-202002: getxlate failed int_name.
•%PIX-3-202003: Couldn't find xlate gaddr laddr dest_addr int_name.
•%PIX-3-202004: Couldn't find xlate gaddr laddr dest_addr int_name
•%PIX-3-208005: (chars:dec) pix clear command return return_code
•%PIX-3-209001: IPFRAG: Unable to allocate frag record for src_addr/src_port to dest_addr/dest_port
•%PIX-3-209002: IPFRAG: First Frag have not been seen source_host to dest_host
•%PIX-3-304003: URL Server IP_addr timed out URL string
•%PIX-3-305005: No translation group found for protocol
•%PIX-3-305006: type translation creation failed for protocol
•%PIX-3-309001: Denied manager connection from IP_addr.
Warning Messages, Severity 4
The only severity 4 message is as follows:
%PIX-4-308002: static gaddr1 laddr1 netmask mask1 overlapped with gaddr2 laddr2
Notification Messages, Severity 5
The following messages appear at severity 5, notifications:
•%PIX-5-109012: Authen Session End: user 'user', sid session_num, elapsed num_seconds seconds
•%PIX-5-111001: Begin configuration: IP_addr writing to device
•%PIX-5-111003: IP_addr erase configuration
•%PIX-5-111004: IP_addr end configuration: [FAILED]|[OK]
•%PIX-5-111005: IP_addr end configuration: OK
•%PIX-5-111006: Console login from user at IP_addr
•%PIX-5-111007: Begin configuration: IP_addr reading from device.
•%PIX-5-111008: User 'user' executed the 'command' command.
•%PIX-5-199001: PIX reload command executed from IP_addr.
•%PIX-5-304001: text IP_addr Accessed IP_addr:chars.
•%PIX-5-304002: Access denied URL chars SRC IP_addr DEST IP_addr: chars
Informational Messages, Severity 6
The following messages appear at severity 6, informational:
•%PIX-6-106015: Deny TCP (no connection) from IP_addr/port to IP_addr/port flags.
•%PIX-6-109001: Auth start for user `username' from laddr/lport to faddr/fport
•%PIX-6-109002: Auth from IP_addr/port to IP_addr/port failed (server IP_addr failed)
•%PIX-6-109003: Auth from laddr/lport to faddr/fport failed (all servers failed)
•%PIX-6-109005: Authentication succeeded for user `user' from laddr/lport to faddr/fport.
•%PIX-6-109006: Authentication failed for user `user' from laddr/lport to faddr/fport.
•%PIX-6-109007: Authorization permitted for user `user' from laddr/lport to faddr/fport.
•%PIX-6-109008: Authorization denied for user `user' from laddr/lport to faddr/fport.
•%PIX-6-109009: Authorization denied from laddr/lport to faddr/fport (not authenticated)
•%PIX-6-199002: PIX startup completed. Beginning operation.
•%PIX-6-199003: Reducing link MTU dec.
•%PIX-6-199005: PIX Startup begin
•%PIX-6-302001: Built inbound TCP connection number for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port
•%PIX-6-302003: Built H245 connection for faddr IP_addr laddr IP_addr/port
•%PIX-6-302004: Pre-allocate H323 UDP backconnection for faddr IP_addr to laddr IP_addr/port
•%PIX-6-302005: Built UDP connection for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port
•%PIX-6-302006: Teardown UDP connection for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port
•%PIX-6-302009: Rebuilt TCP connection number for faddr IP_addr/port gaddr IP_addr/port laddr IP_addr/port
•%PIX-6-302010: connections in use, connections most used
•%PIX-6-303002: IP_addr retrieved IP_addr:chars
•%PIX-6-304004: URL Server IP_addr request failed URL chars
•%PIX-6-305001: Portmapped translation built for gaddr IP_addr/port laddr IP_addr/port (chars)
•%PIX-6-305002: Translation built for gaddr IP_addr to IP_addr
•%PIX-6-305003: Teardown translation for global IP_addr local IP_addr
•%PIX-6-305004: Teardown portmap translation for global IP_addr/port local IP_addr/port
•%PIX-6-305007: text(): Orphan IP IP_addr on interface interface_number
•%PIX-6-307001: Denied Telnet login session from IP_addr.
•%PIX-6-307002: Permitted Telnet login session from IP_addr.
•%PIX-6-307003: telnet login session failed from IP_addr (3 attempts).
•%PIX-6-308001: PIX console enable password incorrect for 3 tries from IP_addr.
•%PIX-6-309002: Permitted manager connection from IP_addr.
Debugging Messages, Severity 7
The following messages appear at severity 7, debugging:
•%PIX-7-106011: Deny inbound (no xlate) chars
•%PIX-7-109014: uauth_lookup_net fail for uauth_in()
•%PIX-7-304005: URL Server IP_addr request pending URL chars
•%PIX-7-701001: alloc_user() out of Tcp_user objects
•%PIX-7-709001: (Primary) Rep CI ioctl (chars) return chars
•%PIX-7-709002: (Primary) Rep no replication chars