ASP_IDS_LIMIT_OPEN_FLOWS_BY_PAIR
System Log Message syslog-prefix error-code: proto protocol-id (protocol-name),
source-interface-nameseparatorsource-address:source-port ->
destination-addressdestination-port, event-type
Description The stateful firewall discarded the packet with the indicated characteristics and did not
create a new flow, because the number of open flows exceeded the intrusion detection
services (IDS) limit configured by the 'maximum' statement at the [edit services ids rule
<rule-name> term <term-name> then session-limit by-pair] hierarchy level. The discarded
packet contained the indicated information about its protocol (numerical identifier and
name), source (logical interface name, IP address, and port number), and destination
(IP address and port number).
Type Event: This message reports an event, not an error
Severity notice
Facility LOG_PFE
ASP_IDS_LIMIT_OPEN_FLOWS_BY_SRC
System Log Message syslog-prefix error-code: proto protocol-id (protocol-name),
source-interface-nameseparatorsource-address:source-port ->
destination-addressdestination-port, event-type
Description The stateful firewall discarded the packet with the indicated characteristics and did not
create a new flow, because the number of open flows exceeded the intrusion detection
services (IDS) limit configured by the 'maximum' statement at the [edit services ids rule
<rule-name> term <term-name> then session-limit by-source] hierarchy level. The
discarded packet contained the indicated information about its protocol (numerical
identifier and name), source (logical interface name, IP address, and port number), and
destination (IP address and port number).
Type Event: This message reports an event, not an error
Severity notice
Facility LOG_PFE
ASP_IDS_LIMIT_PKT_RATE_BY_DEST
System Log Message syslog-prefix error-code: proto protocol-id (protocol-name),
source-interface-nameseparatorsource-address:source-port ->
destination-addressdestination-port, event-type
Description The stateful firewall discarded the packet with the indicated characteristics, because
the number of packets per second (aggregated over all monitored flows) exceeded the
intrusion detection services (IDS) limit configured by the 'packets' statement at the [edit
services ids rule <rule-name> term <term-name> then session-limit by-destination]
hierarchy level. The discarded packet contained the indicated information about its
protocol (numerical identifier and name), source (logical interface name, IP address,
and port number), and destination (IP address and port number).
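The following parser and tally for the ASP_IDS_LIMIT_* messages described above is an added example, not part of the original reference. It assumes the separator is ":", that the destination address and port are joined by ":", and IPv4 addresses; the sample lines, including their syslog prefix and event text, are constructed.

```python
import re
from collections import Counter

# Assumed rendering of the documented template (not confirmed by the page):
# <ifname>:<src-addr>:<src-port> -> <dst-addr>:<dst-port>, IPv4 only.
LINE_RE = re.compile(
    r"(?P<code>ASP_IDS_LIMIT_[A-Z_]+): "
    r"proto (?P<proto_id>\d+) \((?P<proto_name>[^)]+)\), "
    r"(?P<ifname>[^\s:]+):(?P<src>[0-9.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[0-9.]+):(?P<dport>\d+), (?P<event>.*)$"
)

# The session-limit scope named in the tag decides which addresses to group on.
SCOPE_FIELDS = {"PAIR": ("src", "dst"), "SRC": ("src",), "DEST": ("dst",)}

def parse(line):
    """Return the fields of one IDS limit message, or None if it does not match."""
    m = LINE_RE.search(line)  # search() skips whatever syslog prefix precedes the tag
    if m is None:
        return None
    rec = m.groupdict()
    for field in ("proto_id", "sport", "dport"):
        rec[field] = int(rec[field])
    return rec

def tally(lines):
    """Count discards per (tag, scope key); also return how many lines were skipped."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse(line)
        fields = SCOPE_FIELDS.get(rec["code"].rsplit("_BY_", 1)[-1]) if rec else None
        if fields is None:
            skipped += 1
            continue
        counts[(rec["code"], tuple(rec[f] for f in fields))] += 1
    return counts, skipped

# Constructed sample input (documentation address ranges, invented prefix and event text).
SAMPLE = [
    "Jan  5 10:00:01 router1 ASP_IDS_LIMIT_OPEN_FLOWS_BY_SRC: proto 6 (TCP), ge-0/0/1.0:192.0.2.10:40001 -> 198.51.100.5:80, constructed event text",
    "Jan  5 10:00:01 router1 ASP_IDS_LIMIT_OPEN_FLOWS_BY_SRC: proto 6 (TCP), ge-0/0/1.0:192.0.2.10:40002 -> 198.51.100.5:80, constructed event text",
    "Jan  5 10:00:02 router1 ASP_IDS_LIMIT_OPEN_FLOWS_BY_PAIR: proto 6 (TCP), ge-0/0/1.0:192.0.2.10:40003 -> 198.51.100.5:443, constructed event text",
    "Jan  5 10:00:03 router1 ASP_IDS_LIMIT_PKT_RATE_BY_DEST: proto 17 (UDP), ge-0/0/2.0:192.0.2.77:5353 -> 198.51.100.9:53, constructed event text",
    "Jan  5 10:00:04 router1 sshd[123]: constructed unrelated line",
]

if __name__ == "__main__":
    counts, skipped = tally(SAMPLE)
    for (code, key), n in counts.most_common():
        print(n, code, " <-> ".join(key))
    print("skipped:", skipped)
```

Because these messages are logged at severity notice in facility LOG_PFE, the tally only sees them if the syslog configuration forwards that facility and level.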
Copyright © 2010, Juniper Networks, Inc.
Chapter 9: ASP System Log Messages