System log, Security log | Nortel Networks NN46110-602 manual

Chapter 2 Status and logging 45

System log

The system log contains all system events that are considered significant enough to be written to disk, including those displayed in the configuration and security logs. Events that appear in the system log include:

•LDAP activity

•configuration activity

•server authentication and authorization requests

The following is the general format of the log entries:

•time stamp

•task that issued the event (tEvtLgMgr, tObjMgr, tHttpdTask)

•number that indicates the CPU that issued the event (0=CPU 0, 1=CPU 1)

•software module that issued the event

•priority code assignment (number in brackets) (for a description of these codes, see “Event log” on page 41)

•indicates that the packet matched the rule in the listed section

•indicates the matching packet source, destination, protocol, and action configured for that rule

The following example shows a system log:

11:29:31 tEvtLgMgr 0 : CSFW [12] Rule[OVERRIDE 1]Firewall:

[192.32.250.204:1024-10.0.18.12:2048, icmp], action: Allow

Security log

The Security log records all activity about system or user security. It lists all security events, both failures and successes. The events can include:

•authentication and authorization

•tunnel or administration requests

•encryption, authentication, or compression

•hours of access

•number of session violations

Nortel VPN Router Troubleshooting

Image 45

Nortel Networks NN46110-602 manual System log, Security log

Contents

Nortel VPN Router Troubleshooting Trademarks Copyright 2007 Nortel Networks. All rights reservedRestricted rights legend Statement of conditions Nortel Networks Inc. software license agreement Nortel VPN Router Troubleshooting General Contents Chapter Status and logging Chapter Troubleshooting Chapter Packet capture Appendix a MIB support Appendix B Using serial PPP Index Contents NN46110-602 Figures Figures NN46110-602 Tables Tables NN46110-602 Text conventions Before you begin Italic text Acronyms L2TP Related publications Finding the latest updates on the Nortel Web site Hard-copy technical manuals How to get help Getting help from the Nortel Web site Getting help over the phone from a Nortel Solutions Center Getting help through a Nortel distributor or reseller New in this release Features Automatic backups Pcap enhancementsSnmp interface index enhancement Administrator settings Chapter VPN Router administration VPN Router administration Tools Dynamic password File management System configuration Simple Network Management Protocol Snmp VPN Router administration Admin Snmp Traps window Click Enable for User IP Address Pool To configure the amount Chapter Status and logging Reports Sessions System Health checkStatistics Accounting records Accounting Data collection task Radius accounting Timestamp Event log Logs Event logs Select Status Event Log Capture and display filters Configure Display Entity Security log System log Configuration log Shutdown Chapter Administrative tasks Recovery Accessing the diskette driveUsing the recovery diskette Recovery Diskette window Software/backup/v101/SN01001 Administrative tasks Automatic backups Transferring backup files through Sftp Using the GUI for automatic backupTriggering a backup when a file or directory changes Select Admin Auto Backup Automatic Backup window appears. Figure Click Configure Specific Backup To overwrite a file, click Overwrite files at destination Specific Automatic Backup window Using the CLI for automatic backup Stopping the backup of specific files and directories Backing up specific files and directoriesBacking up changes to specific files or directories Stopping the transfer of backup files using Sftp Using Sftp to transfer backup files Disabling new logins Select Admin Shutdown Click Disable new logins. FigureUpgrading the software Checking available disk space Select Admin File System Creating a control tunnel to upgrade from a remote location Creating a recovery diskette Select Admin Recovery and click Create DisketteBacking up system files Retrieving the new software Select Admin Upgrades FTP menu example Internal Radius Accounting Interim Radius Accounting Record Before completing the upgrade After you upgrade the software Select Admin Shutdown and deselect Disable new loginsApplying the software Administrative tasks Chapter Troubleshooting Client-based tools Troubleshooting tools Other tools System-based tools Diagnosing client connectivity problems Solving connectivity problems Common client connectivity problems Authentication failed Login not allowed at this timeRemote host not responding Maximum number of sessions reached Other IPsec errors No proposal chosenExtranet connection lost Problems with name resolution using DNS services Cannot browse the network with NetBEUI Network browsing problems Troubleshooting Diagnosing WAN link problems Check the T1/V.35 interface Check the PPP layer Check the Hdlc framing Performance tips for configuring Microsoft networking Solving performance problemsEliminating modem errors Hardware encryption accelerator connectivity What should be configured on the Pptp or IPsec client? What Wins settings are recommended? Why should Wins settings be different for extranet access? What can you try on the Wins server when it is not working? Can I control which machine is the master browser? Why are subnet masks important? What should I do about subnets? Why cant I browse another client in a different tunnel? Troubleshooting Additional information Web browser problems and the VPN Client Manager Solving general problems Long delays when Web browsing Enabling Web browser optionsImproving performance with Internet Explorer Clearing your Web browser cache when upgrading Web browser error messagesInternal error message Clearing cache Excess resource consumption using Internet Explorer New administrator login ignoredDocument not found message Internet Explorer 4.0 multiple help windows System problems Reporting a problem with a Web browserPower failure Distorted background images Select Servers Ldap Click Stop Server Group and user profile settings not saved Client address redistribution problems Solving routing problems An error occurred while parsing the policy Solving firewall problemsAn error occurred while communicating with the VPN Router Action Close the Stateful Firewall Manager Authorization failed. Please try again Contents of the database may have changedUnable to communicate with the VPN Router System files were not loaded properly ActionDeselect Cache JARs in Memory Troubleshooting NN46110-602 Chapter Packet capture Pcap features File format Security features Capture types Physical interface capturesTunnel captures Global IP captures Filters and triggers Capture filtersTriggers Memory considerations Saving captured data Performance considerations Enabling packet capture on a VPN Router Serial main menu appears Enter Privileged Exec mode Capturing packets to disk file Setting the Pcap file path Setting the size of the RAM buffer Setting the size of a disk capture fileSetting the maximum number of disk capture files Configuring and running packet capture objects Saving captured dataCreating a capture object Configuring a capture object CES#capture ether0 Tunnel capture parameters Starting, stopping, and saving capture objects Using the show capture command to display capture status CES# show capture Sample packet capture configurations Interface capture object using a filter and directionExit Capture Configuration mode CES#show capture test-filter-in Interface capture object using triggers CES#capture test-trigger start CES#show capture test-trigger Capture state Stopped by stop Tunnel capture object using a remote IP address Installing Ethereal software Viewing a packet capture output file on a PCLocate the Microsoft Windows row and click local archive Saving, downloading, and viewing Pcap files Click ethereal-setup-n.nn.n.exe Global IP capture Viewing a Pcap file with Sniffer Pro Click Tools Options Protocol Forcing Deleting capture objects and disabling packet capture CES# no capture test-trigger Packet capture NN46110-602 Novell IPX MIB Snmp RFC supportNovell RIP-SAP MIB RFC 1850-OSPF Version 2 Management Information Base RFC 1724-RIP Version 2 MIB Extension RFC 1213-Network Management of TCP/IP-Based InternetsRFC 2667-IP Tunnel MIB RFC 2737-Entity MIB RFC 2787-VRRP MIB RFC 2233-If MIB RFC 1573-IanaIfType MIBRFC 2571-Snmp-Framework MIB RFC2790-Host Resources MIB RFC2495-DS1 MIB VPN Router MIB RFC2863 Interface MIB 64 bit counters support TRAP-TYPE Cestraps.mib-Nortel proprietary MIB Variables Newoak.mib Hardware-related traps Appendix a MIB support Appendix a MIB support Appendix a MIB support Server-related traps Appendix a MIB support Software-related traps Login-related traps System-related traps Intrusion-related traps Information passed with every trap Provides trap categories and explanations Provides descriptions for the VPN Router traps Appendix a MIB support VPN Router traps MIB descriptions Appendix a MIB support VPN Router traps MIB descriptions Attached Failed Please note that X corresponds to Is not reachable and at least one Appendix a MIB support Appendix a MIB support VPN Router traps MIB descriptions IfReasonForStatus-ces-reason for the change in status Appendix a MIB support VPN Router traps MIB descriptions That triggered this event Appendix a MIB support VPN Router traps MIB descriptions Appendix a MIB support VPN Router traps MIB descriptions That triggered this event Establishing a serial PPP connection Appendix B Using serial PPP Double-click the Microsoft Dial-Up Networking icon Setting up a Dial-Up Networking connection Setting up the VPN Router Setting up the modemSelect System Settings Appendix B Using serial PPP Dialing in to the VPN Router Troubleshooting Serial PPPCause Actions Action PPP option settings Appendix B Using serial PPP NN46110-602 Error removing CA certificate file Installed new CA certificate from fileCertificate messages TCert X.509 certificates disabled in flash memory TCert Shutdown completeTCert task creation failed Isakmp 13 No proposal chosen in message from xxx a.b.c.d Isakmp messages Isakmp 13 Authentication failure in message from xxx a.b.c.d No response from client-logging out Isakmp 13 xxx a.b.c.d has exceeded idle timeout-logging out Branch office messages Couldnt install route for remxxx@xxx Checking chain invalid parent cert SSL messagesChecking chain invalid child cert Child cert xxx not valid signature by xxx Database messages Configuration file xxx does not existNo matching trusted CA certs Failed to start Security messages Ldif file could not restoreAccount xxxxxx uid xxx not found in account AuthServer ldap inconsistent no server type in entry Conn backlog reached, possible SYN attack Security store new system IP address xxx failed-xxxSecurity store new system name xxx failed-xxx Error copying subentries of xxx to Error copying entry xxx toError copying tree xxx to Security store new system subnet mask xxx failed-xxx Error deleting tree Error deleting entrySchemaCls Database schema not available LocalAuthServer failed remove-xxx Session xxxxxx invalid uid-authentication failed Session xxx uid invalid-authentication failedXxx xxx being referenced by Session xxxxxx session rejected-system is initializing Session xxxxxxxxx AddLink failed xxx current links Session xxxxxxxxx xxx auth method not allowed Session xxxxxxxxx account is disabled Session xxxxxxxxx L2TP host xxx account misconfiguredSession xxxxxxxxx IP address assignment failed Session xxxxxxxxx account has max links Session xxxxxxxxx authentication failed using Session xxxxxxxxx account not allowed nowSession xxxxxxxxx connect Qos level xxx full Disable logins after restart checkbox is selected Session xxxxxxxxx login rejected new logins disabledSession xxxxxxxxx no memory free xxx threshold Session xxxxxxxxx only one session/static address allowed Session xxxxxxxxx session directed to use server Session xxxxxxxxx pool address xxx already in useSession xxxxxxxxx static address xxx already in use Session xxxxxxxxx system has max sessions Radius accounting messages Radius no reply from server server-nameport numberRadius server-name server timed out Radius server-name server failed Indicated packet length too largeNon-matching ID in server response Received bad attribute type from server Unsupported response type number received from serverResponse OK Radius user-name accounting record sent to server-name OK Radius authentication messages Login failure due to Server network connection failureRadius no reply from Radius server server-nameport number Radius server-name server timed out authenticating user-name Non-matching id in server response Radius access challenge received Radius server returned access challengeRadius server rejected access Radius server-name sent challenge for user-name Radius user-name access OK by server server-name Radius user-name access Denied by server server-nameOspf Disabled Routing messages Ospf Enabled Closing OSPF-RTM connectionOpened OSPF-RTM connection LoadOspfAreas Failed Can not accept x.x.x.x as router idLoadOspfIntf Failed VR xxx Starting xxx as Master for VR xxx Starting xxx as Backup for VR xxx Starting xxx as master delayed Backup forVR xxx Shutting down xxx on RIP xxx RIP Enabled Unable to get configuration for VRRIP xxx RIP Disabled RIP xxx Cant alloc main node RIP xxx Unable to register with UDP RIP xxx Circuit xxx deletedRIP xxx setsockopt RIP socket xxx Sorcvbuf xxx failed RIP xxx bind RIP socket xxx failed RIP xxx cid xxx mismatched auth password from RIP xxx Unable to spawn timer task xxx for RIPInterface nnn not present, deleting from config Interface nnn replaced, resetting config HWAccel nnn not present, deleting from config Interface nnn replaced, deleting from config Appendix C System messages NN46110-602 Configuring the Cisco 2514 router, Version Appendix D Configuring for interoperability VPN Router and Cisco 2514 network topology NN46110-602 Following is a show config command Configuring the VPN Router for Cisco interoperability Appendix D Configuring for interoperability Mask Connecting to IRE SafeNET/Soft-PK Security Policy Client Click Pre-Shared Key 10.42 SafeNet/Soft-PK Security Policy Editor dialog box appears Encapsulation Protocol ESP Configuring the VPN Router for IRE interoperabilitySA Life Seconds and 3000 Seconds Go to Profiles Networks and click Edit Third-party client installation Considerations for using third-party clients Appendix D Configuring for interoperability Configuring the VPN Router as a branch office tunnel Set Perfect Forward Secrecy PFS to match the client side Configuring the VPN Router as a user tunnel To configure the VPN Router as a user tunnel Configuring IPX IPX client Sample IPX VPN Router topology IPX group configurationWindows 95 and Windows Windows NT IPX topology Nortel VPN Router Troubleshooting Appendix D Configuring for interoperability NN46110-602 Index Index Pptp Wins