EventName Attributes for Syslog Events
Some syslog events will have the additional attribute "EventName". You will be able to filter the events table to find events using the EventName attribute by filtering by attribute:value pairs. For example, you could filter events for a "Denied IP packet" by entering EventName:"Denied IP Packet" in the search field of the Event Logging table.
Syslog Event ID and Event Names Tables
AAA Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
|
109001 |
AAA Begin |
|
109002 |
AAA Failed |
|
109003 |
AAA Server Failed |
|
109005 |
Authentication Success |
|
109006 |
Authentication Failed |
|
109007 |
Authorization Success |
|
109008 |
Authorization Failed |
|
109010 |
AAA Pending |
|
109011 |
AAA Session Started |
|
109012 |
AAA Session Ended |
|
109013 |
AAA |
|
109014 |
AAA Failed |
|
109016 |
AAA ACL not found |
|
109017 |
AAA Limit Reach |
|
109018 |
AAA ACL Empty |
|
109019 |
AAA ACL error |
|
109020 |
AAA ACL error |
|
109021 |
AAA error |
|
109022 |
AAA HTTP limit reached |
|
109023 |
AAA auth required |
|
109024 |
Authorization Failed |
|
109025 |
Authorization Failed |
|
109026 |
AAA error |
|
109027 |
AAA Server error |
|
109028 |
AAA Bypassed |
|
109029 |
AAA ACL error |
|
109030 |
AAA ACL error |
|
109031 |
Authentication Failed |
|
109032 |
AAA ACL error |
|
109033 |
Authentication Failed |
|
109034 |
Authentication Failed |
|
109035 |
AAA Limit Reach |
|
113001 |
AAA Session limit reach |
|
113003 |
AAA overridden |
|
113004 |
AAA Successful |
|
113005 |
Authorization Rejected |
|
113006 |
AAA user locked |
|
113007 |
AAA User unlocked |
|
113008 |
AAA successful |
|
113009 |
AAA retrieved |
|
113010 |
AAA Challenge received |
|
113011 |
AAA retrieved |
|
113012 |
Authentication Successful |
|
113013 |
AAA error |
|
113014 |
AAA error |
|
113015 |
Authentication Rejected |
|
113016 |
AAA Rejected |
|
113017 |
AAA Rejected |
|
113018 |
AAA ACL error |
|
113019 |
AAA Disconnected |
|
113020 |
AAA error |
|
113021 |
AAA Logging Fail |
|
113022 |
AAA Failed |
|
113023 |
AAA reactivated |
|
113024 |
AAA Client certification |
|
113025 |
AAA Authentication fail |
|
113026 |
AAA error |
|
113027 |
AAA error |
Botnet Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
|
338001 |
Botnet Source Block List |
|
338002 |
Botnet Destination Block List |
|
338003 |
Botnet Source Block List |
|
338004 |
Botnet Destination Block List |
|
338101 |
Botnet Source Allow List |
|
338102 |
Botnet destination Allow List |
|
338202 |
Botnet destination Grey |
|
338203 |
Botnet Source Grey |
|
338204 |
Botnet Destination Grey |
|
338301 |
Botnet DNS Intercepted |
|
338302 |
Botnet DNS |
|
338303 |
Botnet DNS |
|
338304 |
Botnet Download successful |
|
338305 |
Botnet Download failed |
|
338306 |
Botnet Authentication failed |
|
338307 |
Botnet Decrypt failed |
|
338308 |
Botnet Client |
|
338309 |
Botnet Client |
|
338310 |
Botnet dyn filter failed |
Failover Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
|
101001 |
Failover Cable OK |
|
101002 |
Failover Cable BAD |
|
101003 |
Failover Cable not connected |
|
101004 |
Failover Cable not connected |
|
101005 |
Failover Cable reading error |
|
102001 |
Failover Power failure |
|
103001 |
No response from failover mate |
|
103002 |
Failover mate interface OK |
|
103003 |
Failover mate interface BAD |
|
103004 |
Failover mate reports failure |
|
103005 |
Failover mate reports self failure |
|
103006 |
Failover version incompatible |
|
103007 |
Failover version difference |
|
104001 |
Failover role switch |
|
104002 |
Failover role switch |
|
104003 |
Failover unit failed |
|
104004 |
Failover unit OK |
|
106100 |
Permit/Denied by ACL |
|
210001 |
Stateful Failover error |
|
210002 |
Stateful Failover error |
|
210003 |
Stateful Failover error |
|
210005 |
Stateful Failover error |
|
210006 |
Stateful Failover error |
|
210007 |
Stateful Failover error |
|
210008 |
Stateful Failover error |
|
210010 |
Stateful Failover error |
|
210020 |
Stateful Failover error |
|
210021 |
Stateful Failover error |
|
210022 |
Stateful Failover error |
|
311001 |
Stateful Failover update |
|
311002 |
Stateful Failover update |
|
311003 |
Stateful Failover update |
|
311004 |
Stateful Failover update |
|
418001 |
Denied Packet to Management |
|
709001 |
Failover replication error |
|
709002 |
Failover replication error |
|
709003 |
Failover replication start |
|
709004 |
Failover replication complete |
|
709005 |
Failover receive replication start |
|
709006 |
Failover receive replication complete |
|
709007 |
Failover replication failure |
|
710003 |
Denied access to Device |
Firewall Denied Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
|
106001 |
Denied by Security Policy |
|
106002 |
Outbound Deny |
|
106006 |
Denied by Security Policy |
|
106007 |
Denied Inbound UDP |
|
106008 |
Denied by Security Policy |
|
106010 |
Denied by Security Policy |
|
106011 |
Denied Inbound |
|
106012 |
Denied due to Bad IP option |
|
106013 |
Dropped Ping to PAT IP |
|
106014 |
Denied Inbound ICMP |
|
106015 |
Denied by Security Policy |
|
106016 |
Denied IP Spoof |
|
106017 |
Denied due to Land Attack |
|
106018 |
Denied outbound ICMP |
|
106020 |
Denied IP Packet |
|
106021 |
Denied TCP |
|
106022 |
Denied Spoof packet |
|
106023 |
Denied IP Packet |
|
106025 |
Dropped Packet failed to Detect context |
|
106026 |
Dropped Packet failed to Detect context |
|
106027 |
Dropped Packet failed to Detect context |
|
106100 |
Permit/Denied by ACL |
|
418001 |
Denied Packet to Management |
|
710003 |
Denied access to Device |
Firewall Traffic Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
|
108001 |
Inspect SMTP |
|
108002 |
Inspect SMTP |
|
108003 |
Inspect ESMTP Dropped |
|
108004 |
Inspect ESMTP |
|
108005 |
Inspect ESMTP |
|
108006 |
Inspect ESMTP Violation |
|
108007 |
Inspect ESMTP |
|
110002 |
No Router found |
|
110003 |
Failed to Find Next hop |
|
209003 |
Fragment Limit Reach |
|
209004 |
Fragment invalid Length |
|
209005 |
Fragment IP discard |
|
302003 |
H245 Connection Start |
|
302004 |
H323 Connection start |
|
302009 |
Restart TCP |
|
302010 |
Connection USAGE |
|
302012 |
H225 CALL SIGNAL CONN |
|
302013 |
Built TCP |
|
302014 |
Teardown TCP |
|
302015 |
Built UDP |
|
302016 |
Teardown UDP |
|
302017 |
Built GRE |
|
302018 |
Teardown GRE |
|
302019 |
H323 Failed |
|
302020 |
Built ICMP |
|
302021 |
Teardown ICMP |
|
302022 |
Built TCP Stub |
|
302023 |
Teardown TCP Stub |
|
302024 |
Built UDP Stub |
|
302025 |
Teardown UDP Stub |
|
302026 |
Built ICMP Stub |
|
302027 |
Teardown ICMP Stub |
|
302033 |
Connection H323 |
|
302034 |
H323 Connection Failed |
|
302035 |
Built SCTP |
|
302036 |
Teardown SCTP |
|
303002 |
FTP file download/upload |
|
303003 |
Inspect FTP Dropped |
|
303004 |
Inspect FTP Dropped |
|
303005 |
Inspect FTP reset |
|
313001 |
ICMP Denied |
|
313004 |
ICMP Drop |
|
313005 |
ICMP Error Msg Drop |
|
313008 |
ICMP ipv6 Denied |
|
324000 |
GTP Pkt Drop |
|
324001 |
GTP Pkt Error |
|
324002 |
Memory Error |
|
324003 |
GTP Pkt Drop |
|
324004 |
GTP Version Not Supported |
|
324005 |
GTP Tunnel Failed |
|
324006 |
GTP Tunnel Failed |
|
324007 |
GTP Tunnel Failed |
|
337001 |
Phone Proxy SRTP Failed |
|
337002 |
Phone Proxy SRTP Failed |
|
337003 |
Phone Proxy SRTP Auth Fail |
|
337004 |
Phone Proxy SRTP Auth Fail |
|
337005 |
Phone Proxy SRTP no Media Session |
|
337006 |
Phone Proxy TFTP Unable to Create File |
|
337007 |
Phone Proxy TFTP Unable to Find File |
|
337008 |
Phone Proxy Call Failed |
|
337009 |
Phone Proxy Unable to Create Phone Entry |
|
400000 |
IPS IP options-Bad Option List |
|
400001 |
IPS IP options-Record Packet Route |
|
400002 |
IPS IP options-Timestamp |
|
400003 |
IPS IP options-Security |
|
400004 |
IPS IP options-Loose Source Route |
|
400005 |
IPS IP options-SATNET ID |
|
400006 |
IPS IP options-Strict Source Route |
|
400007 |
IPS IP Fragment Attack |
|
400008 |
IPS IP Impossible Packet |
|
400009 |
IPS IP Fragments Overlap |
|
400010 |
IPS ICMP Echo Reply |
|
400011 |
IPS ICMP Host Unreachable |
|
400012 |
IPS ICMP Source Quench |
|
400013 |
IPS ICMP Redirect |
|
400014 |
IPS ICMP Echo Request |
|
400015 |
IPS ICMP Time Exceeded for a Datagram |
|
400017 |
IPS ICMP Timestamp Request |
|
400018 |
IPS ICMP Timestamp Reply |
|
400019 |
IPS ICMP Information Request |
|
400020 |
IPS ICMP Information Reply |
|
400021 |
IPS ICMP Address Mask Request |
|
400022 |
IPS ICMP Address Mask Reply |
|
400023 |
IPS Fragmented ICMP Traffic |
|
400024 |
IPS Large ICMP Traffic |
|
400025 |
IPS Ping of Death Attack |
|
400026 |
IPS TCP NULL flags |
|
400027 |
IPS TCP SYN+FIN flags |
|
400028 |
IPS TCP FIN only flags |
|
400029 |
IPS FTP Improper Address Specified |
|
400030 |
IPS FTP Improper Port Specified |
|
400031 |
IPS UDP Bomb attack |
|
400032 |
IPS UDP Snork attack |
|
400033 |
IPS UDP Chargen DoS attack |
|
400034 |
IPS DNS HINFO Request |
|
400035 |
IPS DNS Zone Transfer |
|
400036 |
IPS DNS Zone Transfer from High Port |
|
400037 |
IPS DNS Request for All Records |
|
400038 |
IPS RPC Port Registration |
|
400039 |
IPS RPC Port Unregistration |
|
400040 |
IPS RPC Dump |
|
400041 |
IPS Proxied RPC Request |
|
400042 |
IPS YP server Portmap Request |
|
400043 |
IPS YP bind Portmap Request |
|
400044 |
IPS YP password Portmap Request |
|
400045 |
IPS YP update Portmap Request |
|
400046 |
IPS YP transfer Portmap Request |
|
400047 |
IPS Mount Portmap Request |
|
400048 |
IPS Remote execution Portmap Request |
|
400049 |
IPS Remote execution Attempt |
|
400050 |
IPS Statd Buffer Overflow |
|
406001 |
Inspect FTP Dropped |
|
406002 |
Inspect FTP Dropped |
|
407001 |
Host Limit Reach |
|
407002 |
Embryonic limit Reached |
|
407003 |
Established limit Reached |
|
415001 |
Inspect Http Header Field Count |
|
415002 |
Inspect Http Header Field Length |
|
415003 |
Inspect Http body Length |
|
415004 |
Inspect Http content-type |
|
415005 |
Inspect Http URL length |
|
415006 |
Inspect Http URL Match |
|
415007 |
Inspect Http Body Match |
|
415008 |
Inspect Http Header match |
|
415009 |
Inspect Http Method match |
|
415010 |
Inspect transfer encode match |
|
415011 |
Inspect Http Protocol Violation |
|
415012 |
Inspect Http Content-type |
|
415013 |
Inspect Http Malformed |
|
415014 |
Inspect Http Mime-Type |
|
415015 |
Inspect Http Transfer-encoding |
|
415016 |
Inspect Http Unanswered |
|
415017 |
Inspect Http Argument match |
|
415018 |
Inspect Http Header length |
|
415019 |
Inspect Http status Matched |
|
415020 |
Inspect Http non-ASCII |
|
416001 |
Inspect SNMP dropped |
|
419001 |
Dropped packet |
|
419002 |
Duplicate TCP SYN |
|
419003 |
Packet modified |
|
424001 |
Denied Packet |
|
424002 |
Dropped Packet |
|
431001 |
Dropped RTP |
|
431002 |
Dropped RTCP |
|
500001 |
Inspect ActiveX |
|
500002 |
Inspect Java |
|
500003 |
Inspect TCP Header |
|
500004 |
Inspect TCP Header |
|
500005 |
Inspect Connection Terminated |
|
508001 |
Inspect DCERPC Dropped |
|
508002 |
Inspect DCERPC Dropped |
|
509001 |
Prevented No Forward Cmd |
|
607001 |
Inspect SIP |
|
607002 |
Inspect SIP |
|
607003 |
Inspect SIP |
|
608001 |
Inspect Skinny |
|
608002 |
Inspect Skinny dropped |
|
608003 |
Inspect Skinny dropped |
|
608004 |
Inspect Skinny dropped |
|
608005 |
Inspect Skinny dropped |
|
609001 |
Built Local-Host |
|
609002 |
Teardown Local Host |
|
703001 |
H225 Unsupported Version |
|
703002 |
H225 Connection |
|
726001 |
Inspect Instant Message |
Identity Based Firewall Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
|
746001 |
Import started |
|
746002 |
Import complete |
|
746003 |
Import failed |
|
746004 |
Exceed user group limit |
|
746005 |
AD Agent down |
|
746006 |
AD Agent out of sync |
|
746007 |
Netbios response failed |
|
746008 |
Netbios started |
|
746009 |
Netbios stopped |
|
746010 |
Import user failed |
|
746011 |
Exceed user limit |
|
746012 |
User IP add |
|
746013 |
User IP delete |
|
746014 |
FQDN Obsolete |
|
746015 |
FQDN resolved |
|
746016 |
DNS lookup failed |
|
746017 |
Import user issued |
|
746018 |
Import user done |
|
746019 |
Update AD Agent failed |
IPSec Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
| 402114 | Invalid SPI received |
| 402115 | Unexpected protocol received |
| 402116 | Packet doesn't match identity |
| 402117 | Non-IPSEC packet received |
| 402118 | Invalid fragment offset |
| 402119 | Anti-Replay check failure |
| 402120 | Authentication failure |
| 402121 | Packet dropped |
| 426101 | cLACP Port Bundle |
| 426102 | cLACP Port Standby |
| 426103 | cLACP Port Moved To Bundle From Standby |
| 426104 | cLACP Port Unbundled |
| 602103 | Path MTU updated |
| 602104 | Path MTU exceeded |
| 602303 | New SA created |
| 602304 | SA deleted |
| 702305 | SA expiration - Sequence rollover |
| 702307 | SA expiration - Data rollover |
NAT Syslog Event ID and Event Names
|
EventID |
EventName |
|---|---|
| 201002 | Max connection Exceeded for host |
| 201003 | Embryonic limit exceed |
| 201004 | UDP connection limit exceed |
| 201005 | FTP connection failed |
| 201006 | RCMD connection failed |
| 201008 | New connection Disallowed |
| 201009 | Connection Limit exceed |
| 201010 | Embryonic Connection limit exceeded |
| 201011 | Connection Limit exceeded |
| 201012 | Per-client embryonic connection limit exceeded |
| 201013 | Per-client connection limit exceeded |
| 202001 | Global NAT exhausted |
| 202005 | Embryonic connection error |
| 202011 | Connection limit exceeded |
| 305005 | No NAT group found |
| 305006 | Translation failed |
| 305007 | Connection dropped |
| 305008 | NAT allocation issue |
| 305009 | NAT Created |
| 305010 | NAT teardown |
| 305011 | PAT created |
| 305012 | PAT teardown |
| 305013 | Connection denied |
SSL VPN Syslog Event IDs and Event Names
|
EventID |
EventName |
|---|---|
| 716001 | WebVPN Session Started |
| 716002 | WebVPN Session Terminated |
| 716003 | WebVPN User URL access |
| 716004 | WebVPN User URL access denied |
| 716005 | WebVPN ACL error |
| 716006 | WebVPN User Disabled |
| 716007 | WebVPN Unable to Create |
| 716008 | WebVPN Debug |
| 716009 | WebVPN ACL error |
| 716010 | WebVPN User access network |
| 716011 | WebVPN User access |
| 716012 | WebVPN User Directory access |
| 716013 | WebVPN User file access |
| 716014 | WebVPN User file access |
| 716015 | WebVPN User file access |
| 716016 | WebVPN User file access |
| 716017 | WebVPN User file access |
| 716018 | WebVPN User file access |
| 716019 | WebVPN User file access |
| 716020 | WebVPN User file access |
| 716021 | WebVPN user access file denied |
| 716022 | WebVPN Unable to connect proxy |
| 716023 | WebVPN session limit reached |
| 716024 | WebVPN User access error |
| 716025 | WebVPN User access error |
| 716026 | WebVPN User access error |
| 716027 | WebVPN User access error |
| 716028 | WebVPN User access error |
| 716029 | WebVPN User access error |
| 716030 | WebVPN User access error |
| 716031 | WebVPN User access error |
| 716032 | WebVPN User access error |
| 716033 | WebVPN User access error |
| 716034 | WebVPN User access error |
| 716035 | WebVPN User access error |
| 716036 | WebVPN User login successful |
| 716037 | WebVPN User login failed |
| 716038 | WebVPN User Authentication Successful |
| 716039 | WebVPN User Authentication Rejected |
| 716040 | WebVPN User logging denied |
| 716041 | WebVPN ACL hit count |
| 716042 | WebVPN ACL hit |
| 716043 | WebVPN Port forwarding |
| 716044 | WebVPN Bad Parameter |
| 716045 | WebVPN Invalid Parameter |
| 716046 | WebVPN connection terminated |
| 716047 | WebVPN ACL usage |
| 716048 | WebVPN memory issue |
| 716049 | WebVPN Empty SVC ACL |
| 716050 | WebVPN ACL error |
| 716051 | WebVPN ACL error |
| 716052 | WebVPN Session Terminated |
| 716053 | WebVPN SSO Server added |
| 716054 | WebVPN SSO Server deleted |
| 716055 | WebVPN Authentication Successful |
| 716056 | WebVPN Authentication Failed |
| 716057 | WebVPN Session terminated |
| 716058 | WebVPN Session lost |
| 716059 | WebVPN Session resumed |
| 716060 | WebVPN Session Terminated |
| 722001 | WebVPN SVC Connect request error |
| 722002 | WebVPN SVC Connect request error |
| 722003 | WebVPN SVC Connect request error |
| 722004 | WebVPN SVC Connect request error |
| 722005 | WebVPN SVC Connect update issue |
| 722006 | WebVPN SVC Invalid address |
| 722007 | WebVPN SVC Message |
| 722008 | WebVPN SVC Message |
| 722009 | WebVPN SVC Message |
| 722010 | WebVPN SVC Message |
| 722011 | WebVPN SVC Message |
| 722012 | WebVPN SVC Message |
| 722013 | WebVPN SVC Message |
| 722014 | WebVPN SVC Message |
| 722015 | WebVPN SVC invalid frame |
| 722016 | WebVPN SVC invalid frame |
| 722017 | WebVPN SVC invalid frame |
| 722018 | WebVPN SVC invalid frame |
| 722019 | WebVPN SVC Not Enough Data |
| 722020 | WebVPN SVC no address |
| 722021 | WebVPN Memory issue |
| 722022 | WebVPN SVC connection established |
| 722023 | WebVPN SVC connection terminated |
| 722024 | WebVPN Compression Enabled |
| 722025 | WebVPN Compression Disabled |
| 722026 | WebVPN Compression reset |
| 722027 | WebVPN Decompression reset |
| 722028 | WebVPN Connection Closed |
| 722029 | WebVPN SVC Session terminated |
| 722030 | WebVPN SVC Session terminated |
| 722031 | WebVPN SVC Session terminated |
| 722032 | WebVPN SVC connection Replacement |
| 722033 | WebVPN SVC Connection established |
| 722034 | WebVPN SVC New connection |
| 722035 | WebVPN Received Large packet |
| 722036 | WebVPN transmitting Large packet |
| 722037 | WebVPN SVC connection closed |
| 722038 | WebVPN SVC session terminated |
| 722039 | WebVPN SVC invalid ACL |
| 722040 | WebVPN SVC invalid ACL |
| 722041 | WebVPN SVC IPv6 not available |
| 722042 | WebVPN invalid protocol |
| 722043 | WebVPN DTLS disabled |
| 722044 | WebVPN unable to request address |
| 722045 | WebVPN Connection terminated |
| 722046 | WebVPN Session terminated |
| 722047 | WebVPN Tunnel terminated |
| 722048 | WebVPN Tunnel terminated |
| 722049 | WebVPN Session terminated |
| 722050 | WebVPN Session terminated |
| 722051 | WebVPN address assigned |
| 722053 | WebVPN Unknown client |
| 723001 | WebVPN Citrix connection Up |
| 723002 | WebVPN Citrix connection Down |
| 723003 | WebVPN Citrix no memory issue |
| 723004 | WebVPN Citrix bad flow control |
| 723005 | WebVPN Citrix no channel |
| 723006 | WebVPN Citrix SOCKS error |
| 723007 | WebVPN Citrix connection list broken |
| 723008 | WebVPN Citrix invalid SOCKS |
| 723009 | WebVPN Citrix invalid connection |
| 723010 | WebVPN Citrix invalid connection |
| 723011 | WebVPN citrix Bad SOCKS |
| 723012 | WebVPN Citrix Bad SOCKS |
| 723013 | WebVPN Citrix invalid connection |
| 723014 | WebVPN Citrix connected to Server |
| 724001 | WebVPN Session not allowed |
| 724002 | WebVPN Session terminated |
| 724003 | WebVPN CSD |
| 724004 | WebVPN CSD |
| 725001 | SSL handshake Started |
| 725002 | SSL Handshake completed |
| 725003 | SSL Client session resume |
| 725004 | SSL Client request Authentication |
| 725005 | SSL Server request authentication |
| 725006 | SSL Handshake failed |
| 725007 | SSL Session terminated |
| 725008 | SSL Client Cipher |
| 725009 | SSL Server Cipher |
| 725010 | SSL Cipher |
| 725011 | SSL Device choose Cipher |
| 725012 | SSL Device choose Cipher |
| 725013 | SSL Server choose cipher |
| 725014 | SSL LIB error |
| 725015 | SSL client certificate failed |