1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. NBG334W
    5. /
  5. 41
Page 201 / 296 Scroll up to view Page 196 - 200
Chapter 20 Logs
NBG334W User’s Guide
201
%s: Proxy mode
detected
The router detected proxy mode in the packet.
%s
The content filter server responded that the web site is in the blocked
category list, but it did not return the category type.
%s:%s
The content filter server responded that the web site is in the blocked
category list, and returned the category type.
%s(cache hit)
The system detected that the web site is in the blocked list from the
local cache, but does not know the category type.
%s:%s(cache hit)
The system detected that the web site is in blocked list from the local
cache, and knows the category type.
%s: Trusted Web site
The web site is in a trusted domain.
%s
When the content filter is not on according to the time schedule or you
didn't select the "Block Matched Web Site” check box, the system
forwards the web content.
Waiting content filter
server timeout
The external content filtering server did not respond within the timeout
period.
DNS resolving failed
The NBG334W cannot get the IP address of the external content
filtering via DNS query.
Creating socket failed
The NBG334W cannot issue a query because TCP/IP socket creation
failed, port:port number.
Connecting to content
filter server fail
The connection to the external content filtering server failed.
License key is invalid
The external content filtering license key is invalid.
Table 88
Attack Logs
LOG MESSAGE
DESCRIPTION
attack [TCP | UDP | IGMP
| ESP | GRE | OSPF]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack. For type and code details,
see
Table 92 on page 204
.
land [TCP | UDP | IGMP |
ESP | GRE | OSPF]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land
attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack. For type and code
details, see
Table 92 on page 204
.
ip spoofing - WAN [TCP |
UDP | IGMP | ESP | GRE |
OSPF]
The firewall detected an IP spoofing attack on the WAN port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the WAN
port. For type and code details, see
Table 92 on page 204
.
icmp echo: ICMP (type:%d,
code:%d)
The firewall detected an ICMP echo attack. For type and code
details, see
Table 92 on page 204
.
syn flood TCP
The firewall detected a TCP syn flood attack.
ports scan TCP
The firewall detected a TCP port scan attack.
teardrop TCP
The firewall detected a TCP teardrop attack.
Table 87
Content Filtering Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 202 / 296
Chapter 20 Logs
NBG334W User’s Guide
202
teardrop UDP
The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack. For type and code
details, see
Table 92 on page 204
.
illegal command TCP
The firewall detected a TCP illegal command attack.
NetBIOS TCP
The firewall detected a TCP NetBIOS attack.
ip spoofing - no routing
entry [TCP | UDP | IGMP |
ESP | GRE | OSPF]
The firewall classified a packet with no source routing entry as an
IP spoofing attack.
ip spoofing - no routing
entry ICMP (type:%d,
code:%d)
The firewall classified an ICMP packet with no source routing
entry as an IP spoofing attack.
vulnerability ICMP
(type:%d, code:%d)
The firewall detected an ICMP vulnerability attack. For type and
code details, see
Table 92 on page 204
.
traceroute ICMP (type:%d,
code:%d)
The firewall detected an ICMP traceroute attack. For type and
code details, see
Table 92 on page 204
.
Table 89
PKI Logs
LOG MESSAGE
DESCRIPTION
Enrollment successful
The SCEP online certificate enrollment was successful. The
Destination field records the certification authority server IP address
and port.
Enrollment failed
The SCEP online certificate enrollment failed. The Destination field
records the certification authority server’s IP address and port.
Failed to resolve
<SCEP CA server url>
The SCEP online certificate enrollment failed because the certification
authority server’s address cannot be resolved.
Enrollment successful
The CMP online certificate enrollment was successful. The Destination
field records the certification authority server’s IP address and port.
Enrollment failed
The CMP online certificate enrollment failed. The Destination field
records the certification authority server’s IP address and port.
Failed to resolve <CMP
CA server url>
The CMP online certificate enrollment failed because the certification
authority server’s IP address cannot be resolved.
Rcvd ca cert: <subject
name>
The router received a certification authority certificate, with subject
name as recorded, from the LDAP server whose IP address and port
are recorded in the Source field.
Rcvd user cert:
<subject name>
The router received a user certificate, with subject name as recorded,
from the LDAP server whose IP address and port are recorded in the
Source field.
Rcvd CRL <size>:
<issuer name>
The router received a CRL (Certificate Revocation List), with size and
issuer name as recorded, from the LDAP server whose IP address and
port are recorded in the Source field.
Rcvd ARL <size>:
<issuer name>
The router received an ARL (Authority Revocation List), with size and
issuer name as recorded, from the LDAP server whose address and
port are recorded in the Source field.
Table 88
Attack Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 203 / 296
Chapter 20 Logs
NBG334W User’s Guide
203
Failed to decode the
received ca cert
The router received a corrupted certification authority certificate from
the LDAP server whose address and port are recorded in the Source
field.
Failed to decode the
received user cert
The router received a corrupted user certificate from the LDAP server
whose address and port are recorded in the Source field.
Failed to decode the
received CRL
The router received a corrupted CRL (Certificate Revocation List) from
the LDAP server whose address and port are recorded in the Source
field.
Failed to decode the
received ARL
The router received a corrupted ARL (Authority Revocation List) from
the LDAP server whose address and port are recorded in the Source
field.
Rcvd data <size> too
large! Max size
allowed: <max size>
The router received directory data that was too large (the size is listed)
from the LDAP server whose address and port are recorded in the
Source field. The maximum size of directory data that the router allows
is also recorded.
Cert trusted: <subject
name>
The router has verified the path of the certificate with the listed subject
name.
Due to <reason codes>,
cert not trusted:
<subject name>
Due to the reasons listed, the certificate with the listed subject name
has not passed the path verification. The recorded reason codes are
only approximate reasons for not trusting the certificate. Please see
Table 92 on page 204
for the corresponding descriptions of the codes.
Table 90
802.1X Logs
LOG MESSAGE
DESCRIPTION
Local User Database accepts
user.
A user was authenticated by the local user database.
Local User Database reports user
credential error.
A user was not authenticated by the local user database
because of an incorrect user password.
Local User Database does not
find user`s credential.
A user was not authenticated by the local user database
because the user is not listed in the local user database.
RADIUS accepts user.
A user was authenticated by the RADIUS Server.
RADIUS rejects user. Pls check
RADIUS Server.
A user was not authenticated by the RADIUS Server.
Please check the RADIUS Server.
Local User Database does not
support authentication method.
The local user database only supports the EAP-MD5
method. A user tried to use another authentication
method and was not authenticated.
User logout because of session
timeout expired.
The router logged out a user whose session expired.
User logout because of user
deassociation.
The router logged out a user who ended the session.
User logout because of no
authentication response from
user.
The router logged out a user from which there was no
authentication response.
User logout because of idle
timeout expired.
The router logged out a user whose idle timeout period
expired.
User logout because of user
request.
A user logged out.
Table 89
PKI Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 204 / 296
Chapter 20 Logs
NBG334W User’s Guide
204
Local User Database does not
support authentication method.
A user tried to use an authentication method that the
local user database does not support (it only supports
EAP-MD5).
No response from RADIUS. Pls
check RADIUS Server.
There is no response message from the RADIUS server,
please check the RADIUS server.
Use Local User Database to
authenticate user.
The local user database is operating as the
authentication server.
Use RADIUS to authenticate user.
The RADIUS server is operating as the authentication
server.
No Server to authenticate user.
There is no authentication server to authenticate a user.
Local User Database does not
find user`s credential.
A user was not authenticated by the local user database
because the user is not listed in the local user database.
Table 91
ACL Setting Notes
PACKET DIRECTION
DIRECTION
DESCRIPTION
(L to W)
LAN to WAN
ACL set for packets traveling from the LAN to the WAN.
(W to L)
WAN to LAN
ACL set for packets traveling from the WAN to the LAN.
(L to L/P)
LAN to LAN/
NBG334W
ACL set for packets traveling from the LAN to the LAN or
the NBG334W.
(W to W/P)
WAN to WAN/
NBG334W
ACL set for packets traveling from the WAN to the WAN
or the NBG334W.
Table 92
ICMP Notes
TYPE
CODE
DESCRIPTION
0
Echo Reply
0
Echo reply message
3
Destination Unreachable
0
Net unreachable
1
Host unreachable
2
Protocol unreachable
3
Port unreachable
4
A packet that needed fragmentation was dropped because it was set to Don't
Fragment (DF)
5
Source route failed
4
Source Quench
0
A gateway may discard internet datagrams if it does not have the buffer space
needed to queue the datagrams for output to the next network on the route to
the destination network.
5
Redirect
0
Redirect datagrams for the Network
1
Redirect datagrams for the Host
Table 90
802.1X Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 205 / 296
Chapter 20 Logs
NBG334W User’s Guide
205
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please
refer to the RFC for detailed information on each type.
2
Redirect datagrams for the Type of Service and Network
3
Redirect datagrams for the Type of Service and Host
8
Echo
0
Echo message
11
Time Exceeded
0
Time to live exceeded in transit
1
Fragment reassembly time exceeded
12
Parameter Problem
0
Pointer indicates the error
13
Timestamp
0
Timestamp request message
14
Timestamp Reply
0
Timestamp reply message
15
Information Request
0
Information request message
16
Information Reply
0
Information reply message
Table 93
Syslog Logs
LOG MESSAGE
DESCRIPTION
<Facility*8 + Severity>Mon dd
hr:mm:ss hostname
src="<srcIP:srcPort>"
dst="<dstIP:dstPort>"
msg="<msg>" note="<note>"
devID="<mac address last three
numbers>" cat="<category>
"This message is sent by the system ("RAS" displays as
the system name if you haven’t configured one) when the
router generates a syslog. The facility is defined in the web
MAIN MENU->LOGS->Log Settings page. The severity is
the log’s syslog class. The definition of messages and
notes are defined in the various log charts throughout this
appendix. The “devID” is the last three characters of the
MAC address of the router’s LAN port. The “cat” is the
same as the category in the router’s logs.
Table 94
RFC-2408 ISAKMP Payload Types
LOG DISPLAY
PAYLOAD TYPE
SA
Security Association
PROP
Proposal
TRANS
Transform
KE
Key Exchange
ID
Identification
CER
Certificate
CER_REQ
Certificate Request
HASH
Hash
Table 92
ICMP Notes (continued)
TYPE
CODE
DESCRIPTION

Rate

4 / 5 based on 1 vote.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top