1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. P-660HN-T1A
    5. /
  5. 44
Page 216 / 324 Scroll up to view Page 211 - 215
Chapter 20 Logs
P-660HN-TxA User’s Guide
216
For type and code details, see
Table 87 on page 219
.
Table 79
ICMP Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
<Packet Direction>, <type:%d>,
<code:%d>
ICMP access matched the default policy and was
blocked or forwarded according to the user's
setting.
Firewall rule [NOT] match: ICMP
<Packet Direction>, <rule:%d>,
<type:%d>, <code:%d>
ICMP access matched (or didn’t match) a firewall
rule (denoted by its number) and was blocked or
forwarded according to the rule.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to
pass through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP
packets or the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the
sender.
Table 80
CDR Logs
LOG MESSAGE
DESCRIPTION
board %d line %d channel %d,
call %d, %s C01 Outgoing Call
dev=%x ch=%x %s
The router received the setup requirements for a call.
“call” is the reference (count) number of the call.
“dev” is the device type (3 is for dial-up, 6 is for
PPPoE, 10 is for PPTP) "channel" or “ch” is the call
channel ID. For example,"board 0 line 0 channel 0,
call 3, C01 Outgoing Call dev=6 ch=0 "Means the
router has dialed to the PPPoE server 3 times.
board %d line %d channel %d,
call %d, %s C02 OutCall
Connected %d %s
The PPPoE, PPTP or dial-up call is connected.
board %d line %d channel %d,
call %d, %s C02 Call
Terminated
The PPPoE, PPTP or dial-up call was disconnected.
Table 81
PPP Logs
LOG MESSAGE
DESCRIPTION
ppp:LCP Starting
The PPP connection’s Link Control Protocol stage has started.
ppp:LCP Opening
The PPP connection’s Link Control Protocol stage is opening.
ppp:CHAP Opening
The PPP connection’s Challenge Handshake Authentication Protocol
stage is opening.
ppp:IPCP
Starting
The PPP connection’s Internet Protocol Control Protocol stage is
starting.
ppp:IPCP Opening
The PPP connection’s Internet Protocol Control Protocol stage is
opening.
Page 217 / 324
Chapter 20 Logs
P-660HN-TxA User’s Guide
217
For type and code details, see
Table 87 on page 219
.
ppp:LCP Closing
The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
The PPP connection’s Internet Protocol Control Protocol stage is
closing.
Table 82
UPnP Logs
LOG MESSAGE
DESCRIPTION
UPnP pass through Firewall
UPnP packets can pass through the firewall.
Table 83
Content Filtering Logs
LOG MESSAGE
DESCRIPTION
%s: block keyword
The content of a requested web page matched a user defined
keyword.
%s
The system forwarded web content.
Table 84
Attack Logs
LOG MESSAGE
DESCRIPTION
attack [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF
attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack.
land [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF
land attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack.
ip spoofing - WAN [ TCP |
UDP | IGMP | ESP | GRE |
OSPF ]
The firewall detected an IP spoofing attack on the WAN
port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the
WAN port.
icmp echo : ICMP
(type:%d, code:%d)
The firewall detected an ICMP echo attack.
syn flood TCP
The firewall detected a TCP syn flood attack.
ports scan TCP
The firewall detected a TCP port scan attack.
teardrop TCP
The firewall detected a TCP teardrop attack.
teardrop UDP
The firewall detected an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack.
illegal command TCP
The firewall detected a TCP illegal command attack.
Table 81
PPP Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 218 / 324
Chapter 20 Logs
P-660HN-TxA User’s Guide
218
NetBIOS TCP
The firewall detected a TCP NetBIOS attack.
ip spoofing - no routing
entry [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall classified a packet with no source routing
entry as an IP spoofing attack.
ip spoofing - no routing
entry ICMP (type:%d,
code:%d)
The firewall classified an ICMP packet with no source
routing entry as an IP spoofing attack.
vulnerability ICMP
(type:%d, code:%d)
The firewall detected an ICMP vulnerability attack.
traceroute ICMP (type:%d,
code:%d)
The firewall detected an ICMP traceroute attack.
Table 85
802.1X Logs
LOG MESSAGE
DESCRIPTION
RADIUS accepts user.
A user was authenticated by the RADIUS Server.
RADIUS rejects user. Pls check
RADIUS Server.
A user was not authenticated by the RADIUS
Server. Please check the RADIUS Server.
User logout because of session
timeout expired.
The router logged out a user whose session
expired.
User logout because of user
deassociation.
The router logged out a user who ended the
session.
User logout because of no
authentication response from
user.
The router logged out a user from which there
was no authentication response.
User logout because of idle
timeout expired.
The router logged out a user whose idle timeout
period expired.
User logout because of user
request.
A user logged out.
No response from RADIUS. Pls
check RADIUS Server.
There is no response message from the RADIUS
server, please check the RADIUS server.
Use RADIUS to authenticate user.
The RADIUS server is operating as the
authentication server.
No Server to authenticate user.
There is no authentication server to authenticate
a user.
Table 86
ACL Setting Notes
PACKET
DIRECTION
DIRECTION
DESCRIPTION
(L to W)
LAN to WAN
ACL set for packets traveling from the LAN to the
WAN.
(W to L)
WAN to LAN
ACL set for packets traveling from the WAN to the
LAN.
Table 84
Attack Logs (continued)
LOG MESSAGE
DESCRIPTION
Page 219 / 324
Chapter 20 Logs
P-660HN-TxA User’s Guide
219
(L to L/ZyXEL
Device)
LAN to LAN/
ZyXEL Device
ACL set for packets traveling from the LAN to the
LAN or the ZyXEL Device.
(W to W/ZyXEL
Device)
WAN to WAN/
ZyXEL Device
ACL set for packets traveling from the WAN to the
WAN or the ZyXEL Device.
Table 87
ICMP Notes
TYPE
CODE
DESCRIPTION
0
Echo Reply
0
Echo reply message
3
Destination Unreachable
0
Net unreachable
1
Host unreachable
2
Protocol unreachable
3
Port unreachable
4
A packet that needed fragmentation was dropped because it was set
to Don't Fragment (DF)
5
Source route failed
4
Source Quench
0
A gateway may discard internet datagrams if it does not have the
buffer space needed to queue the datagrams for output to the next
network on the route to the destination network.
5
Redirect
0
Redirect datagrams for the Network
1
Redirect datagrams for the Host
2
Redirect datagrams for the Type of Service and Network
3
Redirect datagrams for the Type of Service and Host
8
Echo
0
Echo message
11
Time Exceeded
0
Time to live exceeded in transit
1
Fragment reassembly time exceeded
12
Parameter Problem
0
Pointer indicates the error
13
Timestamp
0
Timestamp request message
14
Timestamp Reply
0
Timestamp reply message
15
Information Request
Table 86
ACL Setting Notes (continued)
PACKET
DIRECTION
DIRECTION
DESCRIPTION
Page 220 / 324
Chapter 20 Logs
P-660HN-TxA User’s Guide
220
The following table shows RFC-2408 ISAKMP payload types that the log displays.
Please refer to RFC 2408 for detailed information on each type.
0
Information request message
16
Information Reply
0
Information reply message
Table 88
Syslog Logs
LOG MESSAGE
DESCRIPTION
<Facility*8 + Severity>Mon dd
hr:mm:ss hostname
src="<srcIP:srcPort>"
dst="<dstIP:dstPort>"
msg="<msg>" note="<note>"
devID="<mac address last three
numbers>" cat="<category>
"This message is sent by the system ("RAS"
displays as the system name if you haven’t
configured one) when the router generates a
syslog. The facility is defined in the web MAIN
MENU->LOGS->Log Settings page. The severity is
the log’s syslog class. The definition of messages
and notes are defined in the various log charts
throughout this appendix. The “devID” is the last
three characters of the MAC address of the router’s
LAN port. The “cat” is the same as the category in
the router’s logs.
Table 89
RFC-2408 ISAKMP Payload Types
LOG DISPLAY
PAYLOAD TYPE
SA
Security Association
PROP
Proposal
TRANS
Transform
KE
Key Exchange
ID
Identification
CER
Certificate
CER_REQ
Certificate Request
HASH
Hash
SIG
Signature
NONCE
Nonce
NOTFY
Notification
DEL
Delete
VID
Vendor ID
Table 87
ICMP Notes (continued)
TYPE
CODE
DESCRIPTION

Rate

4.5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top