Cisco Cisco Email Security Appliance C190 User Guide
34-40
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 34 System Administration
Alerts
INTERFACE.
FAILOVER.FAILURE_
BACKUP_RECOVERED
FAILOVER.FAILURE_
BACKUP_RECOVERED
Standby port $port on $pair_name okay
’port’ - Failed port
’pair_name’ - Failover pair
name.
name.
Information. Sent when a NIC pair failover is recovered.
INTERFACE.FAILOVER.
FAILURE_DETECTED
FAILURE_DETECTED
Port $port failure on $pair_name, switching to $port_other
’port’ - Failed port.
’port_other’ - New port.
’pair_name’ - Failover pair
name.
name.
Critical. Sent when a NIC pairing failover is detected due to
an interface failure.
an interface failure.
INTERFACE.FAILOVER.
FAILURE_DETECTED_NO_
BACKUP
FAILURE_DETECTED_NO_
BACKUP
Port $port_other on $pair_name is down, can’t switch to
$port_other
$port_other
’port’ - Failed port.
’port_other’ - New port.
’pair_name’ - Failover pair
name.
name.
Critical. Sent when a NIC pairing failover is detected due to
an interface failure, but a backup interface is not available.
an interface failure, but a backup interface is not available.
INTERFACE.FAILOVER.
FAILURE_RECOVERED
FAILURE_RECOVERED
Recovered network on $pair_name using port $port
’port’ - Failed port
’pair_name’ - Failover pair
name.
name.
Information. Sent when a NIC pair failover is recovered.
INTERFACE.FAILOVER.
MANUAL
MANUAL
Manual failover to port $port on $pair_name
’port’ - New active port.
’pair_name’ - Failover pair
name.
name.
Information. Sent when a manual failover to another NIC pair
is detected.
is detected.
COMMON.INVALID_FILTER
Invalid $class: $error
‘class’ - Either "Filter",
"SimpleFilter", etc.
"SimpleFilter", etc.
’error’ - Additional
why-filter-is-invalid info.
why-filter-is-invalid info.
Warning. Sent when an invalid filter is encountered.
IPBLOCKD.HOST_ADDED_TO_WHI
TELIST
TELIST
IPBLOCKD.HOST_ADDED_TO_BLA
CKLIST
CKLIST
IPBLOCKD.HOST_REMOVED_FRO
M_BLACKLIST
M_BLACKLIST
The host at $ip has been added to the blacklist because of an
SSH DOS attack.
SSH DOS attack.
The host at $ip has been permanently added to the ssh
whitelist.
whitelist.
The host at $ip has been removed from the blacklist
’ip’ - IP address from which
a login attempt occurred.
a login attempt occurred.
Warning.
IP addresses that try to connect to the appliance over SSH but
do not provide valid credentials are added to the SSH blacklist
if more than 10 failed attempts occur within two minutes.
do not provide valid credentials are added to the SSH blacklist
if more than 10 failed attempts occur within two minutes.
When a user logs in successfully from the same IP address,
that IP address is added to the whitelist.
that IP address is added to the whitelist.
Addresses on the whitelist are allowed access even if they are
also on the blacklist.
also on the blacklist.
Entries are automatically removed from the blacklist after
about a day.
about a day.
LDAP.GROUP_QUERY_
FAILED_ALERT
FAILED_ALERT
LDAP: Failed group query $name, comparison in filter will
evaluate as false
evaluate as false
’name’ - The name of the
query.
query.
Critical. Sent when an LDAP group query fails.
Table 34-7
Listing of Possible System Alerts (continued)
Component/Alert Name
Message and Description
Parameters