Chapter 18 Logs

Table 72 System Error Logs

LOG MESSAGE

DESCRIPTION

%s exceeds the max.

This attempt to create a NAT session exceeds the maximum

number of session per

number of NAT session table entries allowed to be created per

host!

host.

setNetBIOSFilter: calloc

The router failed to allocate memory for the NetBIOS filter

error

settings.

readNetBIOSFilter: calloc

The router failed to allocate memory for the NetBIOS filter

error

settings.

WAN connection is down.

A WAN connection is down. You cannot access the network

 

through this interface.

Table 73 Access Control Logs

LOG MESSAGE

DESCRIPTION

Firewall default policy: [TCP

Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access

UDP IGMP ESP GRE OSPF]

matched the default policy and was blocked or forwarded

<Packet Direction>

according to the default policy’s setting.

Firewall rule [NOT] match:[TCP

Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access

UDP IGMP ESP GRE OSPF]

matched (or did not match) a configured firewall rule

<Packet Direction>, <rule:%d>

(denoted by its number) and was blocked or forwarded

 

according to the rule.

Triangle route packet forwarded:

The firewall allowed a triangle route session to pass

[TCP UDP IGMP ESP GRE

through.

OSPF]

 

Packet without a NAT table entry

The router blocked a packet that didn't have a

blocked: [TCP UDP IGMP ESP

corresponding NAT table entry.

GRE OSPF]

 

Router sent blocked web site

The router sent a message to notify a user that the router

message: TCP

blocked access to a web site that the user requested.

Table 74 TCP Reset Logs

LOG MESSAGE

DESCRIPTION

Under SYN flood attack,

The router sent a TCP reset packet when a host was under a SYN

sent TCP RST

flood attack (the TCP incomplete count is per destination host.)

Exceed TCP MAX

The router sent a TCP reset packet when the number of TCP

incomplete, sent TCP RST

incomplete connections exceeded the user configured threshold.

 

(the TCP incomplete count is per destination host.) Note: Refer to

 

TCP Maximum Incomplete in the Firewall Attack Alerts screen.

 

 

Peer TCP state out of

The router sent a TCP reset packet when a TCP connection state

order, sent TCP RST

was out of order.Note: The firewall refers to RFC793 Figure 6 to

 

check the TCP state.

178

 

ZyXEL NBG-334SH User’s Guide