1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. P-2602HW-D1A
    5. /
  5. 77
Page 381 / 427 Scroll up to view Page 376 - 380
P-2602H(W)(L)-DxA Series User’s Guide
Appendix I Log Descriptions
381
A
PPENDIX
I
Log Descriptions
This appendix provides descriptions of example log messages.
Table 152
System Maintenance Logs
LOG MESSAGE
DESCRIPTION
Time calibration is
successful
The router has adjusted its time based on information from the
time server.
Time calibration failed
The router failed to get information from the time server.
WAN interface gets IP: %s
A WAN interface got a new IP address from the DHCP,
PPPoE, PPTP or dial-up server.
DHCP client IP expired
A DHCP client's IP address has expired.
DHCP server assigns %s
The DHCP server assigned an IP address to a client.
Successful WEB login
Someone has logged on to the router's web configurator
interface.
WEB login failed
Someone has failed to log on to the router's web configurator
interface.
Successful TELNET login
Someone has logged on to the router via telnet.
TELNET login failed
Someone has failed to log on to the router via telnet.
Successful FTP login
Someone has logged on to the router via ftp.
FTP login failed
Someone has failed to log on to the router via ftp.
NAT Session Table is Full!
The maximum number of NAT session table entries has been
exceeded and the table is full.
Starting Connectivity Monitor
Starting Connectivity Monitor.
Time initialized by Daytime
Server
The router got the time and date from the Daytime server.
Time initialized by Time
server
The router got the time and date from the time server.
Time initialized by NTP
server
The router got the time and date from the NTP server.
Connect to Daytime server
fail
The router was not able to connect to the Daytime server.
Connect to Time server fail
The router was not able to connect to the Time server.
Connect to NTP server fail
The router was not able to connect to the NTP server.
Too large ICMP packet has
been dropped
The router dropped an ICMP packet that was too large.
Configuration Change: PC =
0x%x, Task ID = 0x%x
The router is saving configuration changes.
Successful SSH login
Someone has logged on to the router’s SSH server.
SSH login failed
Someone has failed to log on to the router’s SSH server.
Page 382 / 427
P-2602H(W)(L)-DxA Series User’s Guide
382
Appendix I Log Descriptions
Successful HTTPS login
Someone has logged on to the router's web configurator
interface using HTTPS protocol.
HTTPS login failed
Someone has failed to log on to the router's web configurator
interface using HTTPS protocol.
Table 153
System Error Logs
LOG MESSAGE
DESCRIPTION
%s exceeds the max.
number of session per
host!
This attempt to create a NAT session exceeds the maximum
number of NAT session table entries allowed to be created per
host.
setNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter settings.
readNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter settings.
WAN connection is down.
A WAN connection is down. You cannot access the network
through this interface.
Table 154
Access Control Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: [ TCP |
UDP | IGMP | ESP | GRE | OSPF ]
<Packet Direction>
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched the default policy and was blocked or forwarded
according to the default policy’s setting.
Firewall rule [NOT] match:[ TCP
| UDP | IGMP | ESP | GRE | OSPF ]
<Packet Direction>, <rule:%d>
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched (or did not match) a configured firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
[ TCP | UDP | IGMP | ESP | GRE |
OSPF ]
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: [ TCP | UDP | IGMP | ESP
| GRE | OSPF ]
The router blocked a packet that didn't have a
corresponding NAT table entry.
Router sent blocked web site
message: TCP
The router sent a message to notify a user that the router
blocked access to a web site that the user requested.
Table 152
System Maintenance Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 383 / 427
P-2602H(W)(L)-DxA Series User’s Guide
Appendix I Log Descriptions
383
For type and code details, see
Table 165 on page 387
.
Table 155
TCP Reset Logs
LOG MESSAGE
DESCRIPTION
Under SYN flood attack,
sent TCP RST
The router sent a TCP reset packet when a host was under a SYN
flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX
incomplete, sent TCP RST
The router sent a TCP reset packet when the number of TCP
incomplete connections exceeded the user configured threshold.
(the TCP incomplete count is per destination host.) Note: Refer to
TCP Maximum Incomplete
in the
Firewall Attack Alerts
screen.
Peer TCP state out of
order, sent TCP RST
The router sent a TCP reset packet when a TCP connection state
was out of order.Note: The firewall refers to RFC793 Figure 6 to
check the TCP state.
Firewall session time
out, sent TCP RST
The router sent a TCP reset packet when a dynamic firewall
session timed out.Default timeout values:ICMP idle timeout (s):
60UDP idle timeout (s): 60TCP connection (three way
handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle
(established) timeout (s): 3600
Exceed MAX incomplete,
sent TCP RST
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the user-
configured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > “Maximum Incomplete
High”, the router sends TCP RST packets for TCP connections
and destroys TOS (firewall dynamic sessions) until incomplete
connections < “Maximum Incomplete Low”.
Access block, sent TCP
RST
The router sends a TCP RST packet and generates this log if you
turn on the firewall TCP reset mechanism (via CI command: "sys
firewall tcprst").
Table 156
Packet Filter Logs
LOG MESSAGE
DESCRIPTION
[ TCP | UDP | ICMP | IGMP |
Generic ] packet filter
matched (set: %d, rule: %d)
Attempted access matched a configured filter rule (denoted by
its set and rule number) and was blocked or forwarded
according to the rule.
Table 157
ICMP Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
<Packet Direction>, <type:%d>,
<code:%d>
ICMP access matched the default policy and was blocked
or forwarded according to the user's setting.
Firewall rule [NOT] match: ICMP
<Packet Direction>, <rule:%d>,
<type:%d>, <code:%d>
ICMP access matched (or didn’t match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Page 384 / 427
P-2602H(W)(L)-DxA Series User’s Guide
384
Appendix I Log Descriptions
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP packets or
the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the sender.
Table 158
CDR Logs
LOG MESSAGE
DESCRIPTION
board %d line %d channel %d,
call %d, %s C01 Outgoing Call
dev=%x ch=%x %s
The router received the setup requirements for a call. “call” is
the reference (count) number of the call. “dev” is the device
type (3 is for dial-up, 6 is for PPPoE, 10 is for PPTP).
"channel" or “ch” is the call channel ID.For example,"board 0
line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0
"Means the router has dialed to the PPPoE server 3 times.
board %d line %d channel %d,
call %d, %s C02 OutCall
Connected %d %s
The PPPoE, PPTP or dial-up call is connected.
board %d line %d channel %d,
call %d, %s C02 Call
Terminated
The PPPoE, PPTP or dial-up call was disconnected.
Table 159
PPP Logs
LOG MESSAGE
DESCRIPTION
ppp:LCP Starting
The PPP connection’s Link Control Protocol stage has started.
ppp:LCP Opening
The PPP connection’s Link Control Protocol stage is opening.
ppp:CHAP Opening
The PPP connection’s Challenge Handshake Authentication Protocol stage is
opening.
ppp:IPCP Starting
The PPP connection’s Internet Protocol Control Protocol stage is starting.
ppp:IPCP Opening
The PPP connection’s Internet Protocol Control Protocol stage is opening.
ppp:LCP Closing
The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
The PPP connection’s Internet Protocol Control Protocol stage is closing.
Table 157
ICMP Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 385 / 427
P-2602H(W)(L)-DxA Series User’s Guide
Appendix I Log Descriptions
385
For type and code details, see
Table 165 on page 387
.
Table 160
UPnP Logs
LOG MESSAGE
DESCRIPTION
UPnP pass through Firewall
UPnP packets can pass through the firewall.
Table 161
Content Filtering Logs
LOG MESSAGE
DESCRIPTION
%s: block keyword
The content of a requested web page matched a user defined keyword.
%s
The system forwarded web content.
Table 162
Attack Logs
LOG MESSAGE
DESCRIPTION
attack [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack.
land [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land
attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack.
ip spoofing - WAN [ TCP |
UDP | IGMP | ESP | GRE |
OSPF ]
The firewall detected an IP spoofing attack on the WAN port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the WAN port.
icmp echo : ICMP
(type:%d, code:%d)
The firewall detected an ICMP echo attack.
syn flood TCP
The firewall detected a TCP syn flood attack.
ports scan TCP
The firewall detected a TCP port scan attack.
teardrop TCP
The firewall detected a TCP teardrop attack.
teardrop UDP
The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack.
illegal command TCP
The firewall detected a TCP illegal command attack.
NetBIOS TCP
The firewall detected a TCP NetBIOS attack.
ip spoofing - no routing
entry [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The firewall classified a packet with no source routing entry as an
IP spoofing attack.

Rate

3.5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top