SECURITY

cli_user_login

Table 1. cli_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2001

Event name

cli_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login.

Effect

A user access session was started.

Recovery

No recovery is required

cli_user_login_failed

Table 2. cli_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2003

Event name

cli_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session does not begin. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

cli_user_login_max_attempts

Table 3. cli_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2004

Event name

cli_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.46

Default severity

minor

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserCliLoginMaxAttempts notification is generated when a user attempting to open a CLI sesssion failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a CLI session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a CLI session.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated.

Recovery

No recovery action is required.

cli_user_logout

Table 4. cli_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2002

Event name

cli_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

A user access session ended.

Recovery

No recovery is required

enable_admin

Table 5. enable_admin properties

Property name

Value

Application name

SECURITY

Event ID

2022

Event name

enable_admin

SNMP notification prefix and OID

N/A

Default severity

warning

Message format string

User $userName$ from $srcAddr$ successfully entered into admin enable mode

Cause

A user successfully entered into the admin enable mode.

Effect

A user access session is started.

Recovery

No recovery is required

enable_admin_failed

Table 6. enable_admin_failed properties

Property name

Value

Application name

SECURITY

Event ID

2241

Event name

enable_admin_failed

SNMP notification prefix and OID

N/A

Default severity

warning

Message format string

User $userName$ from $srcAddr$ failed to enter admin enable mode

Cause

A user failed to enter the admin enable mode.

Effect

N/A

Recovery

No recovery is required

ftp_transfer_failed

Table 7. ftp_transfer_failed properties

Property name

Value

Application name

SECURITY

Event ID

2021

Event name

ftp_transfer_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

$appType$ of $fileName$ initiated by $userName$ from $srcAddr$ to $dstAddr$ failed.

Cause

A FTP/TFTP transfer failed.

Effect

N/A

Recovery

No recovery is required

ftp_transfer_successful

Table 8. ftp_transfer_successful properties

Property name

Value

Application name

SECURITY

Event ID

2020

Event name

ftp_transfer_successful

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

$appType$ of $fileName$ initiated by $userName$ from $srcAddr$ to $dstAddr$ completed successfully.

Cause

A FTP/TFTP transfer completed successfully.

Effect

N/A

Recovery

No recovery is required

ftp_user_login

Table 9. ftp_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2005

Event name

ftp_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

A user access session was started

Recovery

No recovery is required

ftp_user_login_failed

Table 10. ftp_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2007

Event name

ftp_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

ftp_user_login_max_attempts

Table 11. ftp_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2008

Event name

ftp_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.47

Default severity

minor

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserFtpLoginMaxAttempts notification is generated when a user attempting to connect via FTP failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via FTP. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via FTP.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is terminated.

Recovery

No recovery action is required.

ftp_user_logout

Table 12. ftp_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2006

Event name

ftp_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

host_snmp_attempts

Table 13. host_snmp_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2023

Event name

host_snmp_attempts

SNMP notification prefix and OID

N/A

Default severity

warning

Message format string

Host $hostAddress$ is locked out for $lockoutTime$ minutes since it exceeded the configured threshold of unsuccessful SNMP connection attempts.

Cause

The remont SNMP host exceded the configured attempts.

Effect

The remote SNMP host is locked out and the router will not respond to further SNMP requests from the host.

Recovery

N/A

mafEntryMatch

Table 14. mafEntryMatch properties

Property name

Value

Application name

SECURITY

Event ID

2019

Event name

mafEntryMatch

SNMP notification prefix and OID

N/A

Default severity

major

Message format string

Description: $mafEntryDescription$

.There have been $mafEntryDropped$ matches since the previously logged match.

Interface: $sourceInterface$, action: $mafEntryAction$

$mafEntryProtocol$

Cause

A match has been found for an entry in the management access filter.

Effect

N/A

Recovery

No recovery is necessary.

mct_user_login

Table 15. mct_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2035

Event name

mct_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

MCT User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login via MCT.

Effect

A user access session was started.

Recovery

No recovery is required.

mct_user_login_failed

Table 16. mct_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2037

Event name

mct_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

MCT User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user is given another opportunity to authenticate himself.

Recovery

No recovery is required.

mct_user_login_max_attempts

Table 17. mct_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2038

Event name

mct_user_login_max_attempts

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

MCT User $userName $from $srcAddr$ attempted more than $maxAttempts$ times to log in

Cause

A user failed to authenticate in more than the permitted number of retries.

Effect

No effect.

Recovery

No recovery is required.

mct_user_logout

Table 18. mct_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2036

Event name

mct_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

MCT User $userName$ from $srcAddr$ logged out

Cause

A user logged out from MCT.

Effect

The user access session ended.

Recovery

No recovery is required.

netconf_user_login

Table 19. netconf_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2121

Event name

netconf_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login.

Effect

A user access session was started.

Recovery

No recovery is required

netconf_user_login_failed

Table 20. netconf_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2123

Event name

netconf_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session does not begin. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

netconf_user_login_max_attempts

Table 21. netconf_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2124

Event name

netconf_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.55

Default severity

minor

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserNetconfLoginMaxAttempts notification is generated when a user attempting to open a netconf session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a netconf session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a netconf session.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated.

Recovery

No recovery action is required.

netconf_user_logout

Table 22. netconf_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2122

Event name

netconf_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

A user access session ended.

Recovery

No recovery is required

radiusInetServerOperStatusChange

Table 23. radiusInetServerOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2026

Event name

radiusInetServerOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.36

Default severity

minor

Message format string

RADIUS server $radiusServerInetAddress$ operational status changed to $radiusServerOperStatus$.

Cause

The operational status of a RADIUS server has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

radiusOperStatusChange

Table 24. radiusOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2014

Event name

radiusOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.7

Default severity

minor

Message format string

RADIUS operational status changed to $radiusOperStatus$

Cause

The radiusOperStatus has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

radiusSystemIpAddrNotSet

Table 25. radiusSystemIpAddrNotSet properties

Property name

Value

Application name

SECURITY

Event ID

2016

Event name

radiusSystemIpAddrNotSet

SNMP notification prefix and OID

N/A

Default severity

major

Message format string

System IP address is not configured

Cause

A user attempted authentication through RADIUS but the system IP address is not configured.

Effect

Cannot authenticate the user using RADIUS.

Recovery

Configure the system IP address.

sapDcpDynamicConform

Table 26. sapDcpDynamicConform properties

Property name

Value

Application name

SECURITY

Event ID

2059

Event name

sapDcpDynamicConform

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.446

Default severity

warning

Message format string

Sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicConform notification is generated when the protocol for a particular SAP has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

sapDcpDynamicEnforceAlloc

Table 27. sapDcpDynamicEnforceAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2064

Event name

sapDcpDynamicEnforceAlloc

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.51

Default severity

warning

Message format string

Dynamic $sapDcpFpProtocol$ policers allocated for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$.

Cause

The sapDcpDynamicEnforceAlloc notification is generated when a dynamic enforcement policer is allocated on a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected SAP is not in conformance with the configured parameters of the associated distributed CPU protection policy and may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpDynamicEnforceFreed

Table 28. sapDcpDynamicEnforceFreed properties

Property name

Value

Application name

SECURITY

Event ID

2065

Event name

sapDcpDynamicEnforceFreed

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.52

Default severity

warning

Message format string

Dynamic $sapDcpFpProtocol$ policers freed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicEnforceFreed notification is generated when a dynamic enforcement policer is freed on a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected SAP is now in conformance with the configured parameters of the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

sapDcpDynamicExcd

Table 29. sapDcpDynamicExcd properties

Property name

Value

Application name

SECURITY

Event ID

2053

Event name

sapDcpDynamicExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.40

Default severity

warning

Message format string

Non conformant sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer= $sapDcpFpProtocol$(dynamic). Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicExcd notification is generated when the protocol on a particular SAP has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpDynamicHoldDownEnd

Table 30. sapDcpDynamicHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2057

Event name

sapDcpDynamicHoldDownEnd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.44

Default severity

warning

Message format string

Hold-down completed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer= $sapDcpFpProtocol$(dynamic). Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicHoldDownEnd notification is generated when a particular SAP completes hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol for an affected SAP will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

sapDcpDynamicHoldDownStart

Table 31. sapDcpDynamicHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2055

Event name

sapDcpDynamicHoldDownStart

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.42

Default severity

warning

Message format string

Hold-down started for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer= $sapDcpFpProtocol$(dynamic). Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicHoldDownStart notification is generated when a particular SAP starts hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

sapDcpLocMonExcd

Table 32. sapDcpLocMonExcd properties

Property name

Value

Application name

SECURITY

Event ID

2060

Event name

sapDcpLocMonExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.47

Default severity

warning

Message format string

Local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ detected as non-conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count=$sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcd notification is generated when the local-monitoring-policer for a particular SAP has transitioned from a conformant state to a non-conformant state and the system will attempt to allocate dymanic enforcement policers. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpLocMonExcdAllDynAlloc

Table 33. sapDcpLocMonExcdAllDynAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2062

Event name

sapDcpLocMonExcdAllDynAlloc

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.49

Default severity

warning

Message format string

All dynamic policers allocated for local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count= $sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcdAllDynAlloc notification is generated when all dynamic enforcement policers associated with a non-conformant local-monitoring-policer have been successfully allocated for a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configure to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpLocMonExcdAllDynFreed

Table 34. sapDcpLocMonExcdAllDynFreed properties

Property name

Value

Application name

SECURITY

Event ID

2063

Event name

sapDcpLocMonExcdAllDynFreed

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.50

Default severity

warning

Message format string

All dynamic policers freed for local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$.

Cause

The sapDcpLocMonExcdAllDynFreed notification is generated for a particular SAP when all the previously allocated dynamic enforcement policers for a particular local-monitoring-policer on the associated distributed CPU protection policy have been freed up and all the protocols are once again being monitored by local-monitor. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform.

Recovery

There is no recovery required for this notification.

sapDcpLocMonExcdDynResource

Table 35. sapDcpLocMonExcdDynResource properties

Property name

Value

Application name

SECURITY

Event ID

2061

Event name

sapDcpLocMonExcdDynResource

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.48

Default severity

warning

Message format string

Local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ detected as non-conformant at $sapDcpTimeEventOccured$ and cannot allocate dynamic policers. Policy $sapDCpuProtPolicy$. Excd count=$sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcdDynResource notification is generated when the local-monitoring-policer for a particular SAP has transitioned from a conformant state to a non-conformant state and the system cannot allocate all the dynamic enforcements policers associated with the distributed CPU protection policy . This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP or to the dynamic enforcement policer pool(TIMETRA-CHASSIS-MIB.mib::tmnxFPDCpuProtDynEnfrcPlcrPool).

sapDcpStaticConform

Table 36. sapDcpStaticConform properties

Property name

Value

Application name

SECURITY

Event ID

2058

Event name

sapDcpStaticConform

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.45

Default severity

warning

Message format string

Sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticConform notification is generated when the static-policer for a particular SAP has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

sapDcpStaticExcd

Table 37. sapDcpStaticExcd properties

Property name

Value

Application name

SECURITY

Event ID

2052

Event name

sapDcpStaticExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.39

Default severity

warning

Message format string

Non conformant sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer= $sapDcpFpStaticPlcrName$(static). Excd count=$sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticExcd notification is generated when the static-policer on a particular SAP has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpStaticHoldDownEnd

Table 38. sapDcpStaticHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2056

Event name

sapDcpStaticHoldDownEnd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.43

Default severity

warning

Message format string

Hold-down completed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer= $sapDcpFpStaticPlcrName$(static). Excd count=$sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticHoldDownEnd notification is generated when a particular SAP completes hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer for an affected SAP will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

sapDcpStaticHoldDownStart

Table 39. sapDcpStaticHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2054

Event name

sapDcpStaticHoldDownStart

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.41

Default severity

warning

Message format string

Hold-down started for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer= $sapDcpFpStaticPlcrName$(static). Excd count=$sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticHoldDownStart notification is generated when a particular SAP starts hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

SSH_server_preserve_key_fail

Table 40. SSH_server_preserve_key_fail properties

Property name

Value

Application name

SECURITY

Event ID

2024

Event name

SSH_server_preserve_key_fail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.1

Default severity

minor

Message format string

Persistance of SSH server host key failed on $tmnxCpmFlashHwIndex$ with operational status $tmnxCpmFlashOperStatus$.

Cause

Persistance of the SSH server host keys failed.

Effect

The SSH server host key will differ after reboot. The remote server host key will not be stored across reboots.

Recovery

N/A

ssh_user_login

Table 41. ssh_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2009

Event name

ssh_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

The user access session was started.

Recovery

No recovery is required

ssh_user_login_failed

Table 42. ssh_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2011

Event name

ssh_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

ssh_user_login_max_attempts

Table 43. ssh_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2012

Event name

ssh_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.48

Default severity

minor

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserSshLoginMaxAttempts notification is generated when a user attempting to connect via SSH failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via SSH. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via SSH.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is terminated.

Recovery

No recovery action is required.

ssh_user_logout

Table 44. ssh_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2010

Event name

ssh_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

sysDNSSecFailedAuthentication

Table 45. sysDNSSecFailedAuthentication properties

Property name

Value

Application name

SECURITY

Event ID

2086

Event name

sysDNSSecFailedAuthentication

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.57

Default severity

warning

Message format string

Possible messages:

  • Received response for '$tmnxSysDNSSecDomainName$' from DNS Security aware server, the AD-bit is not set, response accepted

  • Received response for '$tmnxSysDNSSecDomainName$' from DNS Security aware server, the AD-bit is not set, response dropped

Cause

The sysDNSSecFailedAuthentication notification is generated when a DNS response PDU is received with an unset AD-bit and sysDNSSecAdValidation is set to 'true (1)'.

Effect

This notification is informational only. The message will vary depending on the state of sysDNSSecRespCtrl.

Recovery

There is no recovery required for this notification.

tacplusInetSrvrOperStatusChange

Table 46. tacplusInetSrvrOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2025

Event name

tacplusInetSrvrOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.35

Default severity

minor

Message format string

TACACS+ server $tacPlusServerInetAddress$ operational status changed to $tacplusServerOperStatus$.

Cause

The operational status of a TACACS+ server has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

tacplusOperStatusChange

Table 47. tacplusOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2018

Event name

tacplusOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.20

Default severity

minor

Message format string

TACACS+ operational status changed to $tacplusOperStatus$.

Cause

The TACACS+ operational status has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

tmnxAppPkiCertVerificationFailed

Table 48. tmnxAppPkiCertVerificationFailed properties

Property name

Value

Application name

SECURITY

Event ID

2116

Event name

tmnxAppPkiCertVerificationFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.51

Default severity

minor

Message format string

$tmnxSecNotifClientAppName$ : Certificate $tmnxSecNotifCert$ verification failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxAppPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails for a non-IPsec application.

Effect

Fail to establish a secured connection with the remote entity.

Recovery

Make sure the certificate specified in tmnxSecNotifCert is a valid certificate and an appropriate trust anchor is configured.

tmnxCAProfileStateChange

Table 49. tmnxCAProfileStateChange properties

Property name

Value

Application name

SECURITY

Event ID

2045

Event name

tmnxCAProfileStateChange

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.18

Default severity

minor

Message format string

CA profile $tmnxPkiCAProfile$ changed state to $tmnxPkiCAProfileOperState$ $tmnxSecNotifFailureReason$

Cause

The tmnxCAProfileStateChange notification is generated when Certificate Authority profile changes state to 'down' due to tmnxSecNotifFailureReason.

Effect

Certificate Authority profile will remain in this state until a corrective action is taken.

Recovery

Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken.

tmnxCAProfUpDueToRevokeChkCrlOpt

Table 50. tmnxCAProfUpDueToRevokeChkCrlOpt properties

Property name

Value

Application name

SECURITY

Event ID

2094

Event name

tmnxCAProfUpDueToRevokeChkCrlOpt

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.27

Default severity

minor

Message format string

CA profile $tmnxPkiCAProfile$ changed state to $tmnxPkiCAProfileOperState$ regardless of $tmnxSecNotifFailureReason$ due to crl-optional is set

Cause

The tmnxCAProfUpDueToRevokeChkCrlOpt notification is generated when Certificate Authority profile changes state to 'up' due to tmnxPkiCAProfRevokeChk set to 'crlOptional' even with the errors in tmnxSecNotifFailureReason.

Effect

Certificate Authority profile will remain up.

Recovery

Errors described in tmnxSecNotifFailureReason should still be corrected.

tmnxCertExport

Table 51. tmnxCertExport properties

Property name

Value

Application name

SECURITY

Event ID

2233

Event name

tmnxCertExport

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.58

Default severity

minor

Message format string

admin certificate export type $tmnxSecNotifyImportExportType$ input $tmnxSecNotifyUrl$ output $tmnxSecNotifFile$ format $tmnxSecNotifyImportExportFormat$ : $tmnxSecEventOutcome$

Cause

A tmnxCertExport notification is generated when a user exports a cryptographic key, certificate, or CRL with the admin certificate command

Effect

N/A

Recovery

N/A

tmnxCertImport

Table 52. tmnxCertImport properties

Property name

Value

Application name

SECURITY

Event ID

2232

Event name

tmnxCertImport

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.57

Default severity

minor

Message format string

admin certificate import $tmnxSecNotifyImportExportType$ input $tmnxSecNotifyUrl$ output $tmnxSecNotifFile$ format $tmnxSecNotifyImportExportFormat$ : $tmnxSecEventOutcome$

Cause

A tmnxCertImport notification is generated when a user imports a cryptographic key, certificate, or CRL with the admin certificate command

Effect

N/A

Recovery

N/A

tmnxCertKeyPairGen

Table 53. tmnxCertKeyPairGen properties

Property name

Value

Application name

SECURITY

Event ID

2231

Event name

tmnxCertKeyPairGen

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.56

Default severity

minor

Message format string

Possible messages:

  • admin certificate gen-keypair $tmnxSecNotifyUrl$ curve $tmnxSecNotifyCurve$ : $tmnxSecEventOutcome$

  • admin certificate gen-keypair $tmnxSecNotifyUrl$ size $tmnxSecNotifyKeySize$ type $tmnxSecNotifyKeyType$ : $tmnxSecEventOutcome$

Cause

A tmnxCertKeyPairGen notification is generated when a user generates a cryptographic key with the admin certificate command

Effect

N/A

Recovery

N/A

tmnxCliGroupSessionLimitExceeded

Table 54. tmnxCliGroupSessionLimitExceeded properties

Property name

Value

Application name

SECURITY

Event ID

2112

Event name

tmnxCliGroupSessionLimitExceeded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.44

Default severity

minor

Message format string

$tmnxSessionLimitExceededType$ of CLI session group ' $tmnxSessionLimitExceededName$' has been exceeded

Cause

The tmnxCliGroupSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the CLI session group of which the user is an indirect member (as a member of a user profile that is a member of the CLI session group) has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the CLI session group of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded.

Effect

The user access session has not been established.

Recovery

An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxCliSessionGroupTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's priviledges) 4) revoke the session group membership for the particular profile

tmnxConfigCreate

Table 55. tmnxConfigCreate properties

Property name

Value

Application name

SECURITY

Event ID

2207

Event name

tmnxConfigCreate

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.9

Default severity

warning

Message format string

$tmnxNotifyObjectName$ managed object created

Cause

A new row entry was created in one of the MIB tables. This event can be used by the NMS to trigger maintenance polls of the configuration information.

Effect

N/A

Recovery

No recovery is necessary.

tmnxConfigDelete

Table 56. tmnxConfigDelete properties

Property name

Value

Application name

SECURITY

Event ID

2208

Event name

tmnxConfigDelete

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.10

Default severity

warning

Message format string

$tmnxNotifyObjectName$ managed object deleted

Cause

An existing row entry in one of the MIB tables is deleted. This event can be used by the NMS to trigger maintenance polls of the configuration information.

Effect

N/A

Recovery

No recovery is necessary.

tmnxConfigModify

Table 57. tmnxConfigModify properties

Property name

Value

Application name

SECURITY

Event ID

2206

Event name

tmnxConfigModify

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.8

Default severity

warning

Message format string

$tmnxNotifyObjectName$ configuration modified

Cause

A configuration attribute associated with a row entry in a MIB table was modified. this event can be used by the NMS to trigger maintenance polls of the configuration information.

Effect

N/A

Recovery

No recovery is necessary.

tmnxCpmProtDefPolModified

Table 58. tmnxCpmProtDefPolModified properties

Property name

Value

Application name

SECURITY

Event ID

2037

Event name

tmnxCpmProtDefPolModified

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.11

Default severity

minor

Message format string

Default policy $tmnxCpmProtPolId$ being modified by user.

Cause

User modifies default access or default network policy.

Effect

N/A

Recovery

No recovery is necessary.

tmnxCpmProtExcdSapEcm

Table 59. tmnxCpmProtExcdSapEcm properties

Property name

Value

Application name

SECURITY

Event ID

2041

Event name

tmnxCpmProtExcdSapEcm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.14

Default severity

warning

Message format string

Eth-CFM packet arrival rate exceeded for Eth-CFM opcode $tmnxCpmProtExcdSapEcmOpCode$ domain level $tmnxCpmProtExcdSapEcmLevel$ MAC $tmnxCpmProtExcdSapEcmMac$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSapEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local SAP at a rate which exceeds the configured Eth-CFM rate limit for the stream.

Effect

One or more Eth-CFM packets arriving at the SAP was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

tmnxCpmProtExcdSapIp

Table 60. tmnxCpmProtExcdSapIp properties

Property name

Value

Application name

SECURITY

Event ID

2046

Event name

tmnxCpmProtExcdSapIp

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.19

Default severity

warning

Message format string

Per-source packet arrival rate exceeded for IP $tmnxCpmProtExcdSapIpAddr$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSapIp notification is generated when a source (identified by an IP address) sends a packet stream to a local SAP at a rate which exceeds the SAP's configured per-source-rate. [EFFECT] One or more packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, OR increase the locally configured per-source-rate for the SAP, OR disable per-IP-source rate limiting on the SAP by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'.

Effect

N/A

Recovery

N/A

tmnxCpmProtExcdSdpBind

Table 61. tmnxCpmProtExcdSdpBind properties

Property name

Value

Application name

SECURITY

Event ID

2040

Event name

tmnxCpmProtExcdSdpBind

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.13

Default severity

warning

Message format string

Per-source packet arrival rate exceeded for MAC $tmnxCpmProtExcdSdpBindMac$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBind notification is generated when a source (identified by a MAC address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

tmnxCpmProtExcdSdpBindEcm

Table 62. tmnxCpmProtExcdSdpBindEcm properties

Property name

Value

Application name

SECURITY

Event ID

2042

Event name

tmnxCpmProtExcdSdpBindEcm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.15

Default severity

warning

Message format string

Eth-CFM packet arrival rate exceeded for Eth-CFM opcode $tmnxCpmProtExcdSdpBindEcmOpCode$ domain level $tmnxCpmProtExcdSdpBindEcmLevel$ MAC $tmnxCpmProtExcdSdpBindEcmMac$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBindEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at a rate which exceeds the configured Eth-CFM rate limit for the stream.

Effect

One or more Eth-CFM packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

tmnxCpmProtExcdSdpBindIp

Table 63. tmnxCpmProtExcdSdpBindIp properties

Property name

Value

Application name

SECURITY

Event ID

2087

Event name

tmnxCpmProtExcdSdpBindIp

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.23

Default severity

warning

Message format string

Per-source packet arrival rate exceeded for IP $tmnxCpmProtExcdSdpBindIpAddr$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBindIp notification is generated when a source (identified by an IP address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

tmnxCpmProtViolIf

Table 64. tmnxCpmProtViolIf properties

Property name

Value

Application name

SECURITY

Event ID

2030

Event name

tmnxCpmProtViolIf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.5

Default severity

warning

Message format string

Overall packet arrival rate exceeded for interface $vRtrIfIndex$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A overall packet arrival rate limit violation was detected for an interface and notifications are enabled. The overall packet arrival rate limit is specified by the managed object tmnxCpmProtPolOverallRateLimit of the interface protection policy specified by the managed object TIMETRA-VRTR-MIB::vRtrIfCpmProtPolicyId. Notifications are enabled if the value of the managed object tmnxCpmProtPolAlarm of the interface protection policy specified by the managed object TIMETRA-VRTR-MIB::vRtrIfCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtPolOverallRateLimit. Additional information can be retrieved in the SNMP table tmnxCpmProtViolIfTable.

Effect

While the overall packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolIfOutProf

Table 65. tmnxCpmProtViolIfOutProf properties

Property name

Value

Application name

SECURITY

Event ID

2085

Event name

tmnxCpmProtViolIfOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.22

Default severity

warning

Message format string

Out-of-Profile control packets rate exceeded for interface $vRtrIfIndex$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolIfOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this interface.

tmnxCpmProtViolMac

Table 66. tmnxCpmProtViolMac properties

Property name

Value

Application name

SECURITY

Event ID

2032

Event name

tmnxCpmProtViolMac

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.7

Default severity

warning

Message format string

Per-source packet arrival rate exceeded for MAC $tmnxCpmProtViolMacAddress$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A per-source rate limit violation was detected for a source, and notifications are enabled. The per-source rate limit is specified by the object tmnxCpmProtPolPerSrcRateLimit of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId. Notifications are enabled if the value of the object tmnxCpmProtPolAlarm of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the tmnxCpmProtPolPerSrcRateLimit Additional information can be retrieved in the table tmnxCpmProtExcdTable.

Effect

While the per-source rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolPort

Table 67. tmnxCpmProtViolPort properties

Property name

Value

Application name

SECURITY

Event ID

2028

Event name

tmnxCpmProtViolPort

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.3

Default severity

warning

Message format string

Link-specific packet arrival rate limit exceeded for port $tmnxPortPortID$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A link-specific packet arrival rate limit violation was detected for a port. The link-specific packet arrival rate limit is specified by the managed object tmnxCpmProtLinkRateLimit. This event may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtLinkRateLimit. Additional information can be retrieved from the SNMP table tmnxCpmProtViolPortTable.

Effect

While the link-specific packet arrival rate limit is being exceeded, some packets from link-specific protocols are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolPortAgg

Table 68. tmnxCpmProtViolPortAgg properties

Property name

Value

Application name

SECURITY

Event ID

2029

Event name

tmnxCpmProtViolPortAgg

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.4

Default severity

warning

Message format string

Per-port overall packet rate limit exceeded for port $tmnxPortPortID$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A per-port overall packet rate limit violation was detected for a port. The per-port overall packet rate limit is specified by the managed object tmnxCpmProtPortOverallRateLimit. This event may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtPortOverallRateLimit. Additional information can be retrieved from the SNMP table tmnxCpmProtViolPortTable.

Effect

While the link-specific packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolSap

Table 69. tmnxCpmProtViolSap properties

Property name

Value

Application name

SECURITY

Event ID

2031

Event name

tmnxCpmProtViolSap

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.6

Default severity

warning

Message format string

Overall packet arrival rate exceeded for SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A overall packet arrival rate limit violation was detected for a SAP and notifications are enabled. The overall packet arrival rate limit is specified by the object tmnxCpmProtPolOverallRateLimit of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId. Notifications are enabled if the value of the object tmnxCpmProtPolAlarm of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the tmnxCpmProtPolOverallRateLimit Additional information can be retrieved in the table tmnxCpmProtViolSapTable.

Effect

While the overall packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolSapOutProf

Table 70. tmnxCpmProtViolSapOutProf properties

Property name

Value

Application name

SECURITY

Event ID

2084

Event name

tmnxCpmProtViolSapOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.21

Default severity

warning

Message format string

Out-of-Profile control packets rate exceeded for SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSapOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SAP.

tmnxCpmProtViolSdpBind

Table 71. tmnxCpmProtViolSdpBind properties

Property name

Value

Application name

SECURITY

Event ID

2039

Event name

tmnxCpmProtViolSdpBind

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.12

Default severity

warning

Message format string

Overall packet arrival rate exceeded for SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSdpBind notification is generated when the packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's configured overall-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured overall-rate for the SDP.

tmnxCpmProtViolSdpBindOutProf

Table 72. tmnxCpmProtViolSdpBindOutProf properties

Property name

Value

Application name

SECURITY

Event ID

2089

Event name

tmnxCpmProtViolSdpBindOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.25

Default severity

warning

Message format string

Out-of-Profile control packets rate exceeded for SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSdpBindOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SDP binding.

tmnxCpmProtViolVdoSvcClient

Table 73. tmnxCpmProtViolVdoSvcClient properties

Property name

Value

Application name

SECURITY

Event ID

2033

Event name

tmnxCpmProtViolVdoSvcClient

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.8

Default severity

warning

Message format string

Per-source rate limit exceeded for source $tmnxCpmProtViolVdoSvcCltAddr$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

N/A

Effect

N/A

Recovery

N/A

tmnxCpmProtViolVdoVrtrClient

Table 74. tmnxCpmProtViolVdoVrtrClient properties

Property name

Value

Application name

SECURITY

Event ID

2034

Event name

tmnxCpmProtViolVdoVrtrClient

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.9

Default severity

warning

Message format string

Per-source rate limit exceeded for source $tmnxCpmProtViolVdoVrtrCltAddr$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

N/A

Effect

N/A

Recovery

N/A

tmnxDcpCardFpEventOvrflw

Table 75. tmnxDcpCardFpEventOvrflw properties

Property name

Value

Application name

SECURITY

Event ID

2080

Event name

tmnxDcpCardFpEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.72

Default severity

warning

Message format string

Distributed CPU Protection FP log event overflow occured on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardFpEventOvrflw notification is generated when a flood of distibuted CPU protection events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

tmnxDcpCardFpEventOvrflwClr

Table 76. tmnxDcpCardFpEventOvrflwClr properties

Property name

Value

Application name

SECURITY

Event ID

2049

Event name

tmnxDcpCardFpEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.77

Default severity

warning

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection FP log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardFpEventOvrflwClr notification is generated when the event throttling has ended for distibuted CPU protection FP events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

tmnxDcpCardSapEventOvrflw

Table 77. tmnxDcpCardSapEventOvrflw properties

Property name

Value

Application name

SECURITY

Event ID

2081

Event name

tmnxDcpCardSapEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.73

Default severity

warning

Message format string

Distributed CPU Protection SAP log event overflow occured on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardSapEventOvrflw notification is generated when a flood of distibuted CPU protection SAP events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some SAP notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

tmnxDcpCardSapEventOvrflwClr

Table 78. tmnxDcpCardSapEventOvrflwClr properties

Property name

Value

Application name

SECURITY

Event ID

2050

Event name

tmnxDcpCardSapEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.78

Default severity

warning

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection SAP log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardSapEventOvrflwClr notification is generated when the event throttling has ended for distibuted CPU protection SAP events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

tmnxDcpCardVrtrIfEventOvrflw

Table 79. tmnxDcpCardVrtrIfEventOvrflw properties

Property name

Value

Application name

SECURITY

Event ID

2082

Event name

tmnxDcpCardVrtrIfEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.74

Default severity

warning

Message format string

Distributed CPU Protection Network_if log event overflow occured on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardVrtrIfEventOvrflw notification is generated when a flood of distibuted CPU protection network-interface events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some network-interface notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

tmnxDcpCardVrtrIfEventOvrflwClr

Table 80. tmnxDcpCardVrtrIfEventOvrflwClr properties

Property name

Value

Application name

SECURITY

Event ID

2051

Event name

tmnxDcpCardVrtrIfEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.79

Default severity

warning

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection Netwk_if log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardVrtrIfEventOvrflwClr notification is generated the when event throttling has ended for distibuted CPU protection networrk-interface events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

tmnxDcpFpDynPoolUsageHiAlmClear

Table 81. tmnxDcpFpDynPoolUsageHiAlmClear properties

Property name

Value

Application name

SECURITY

Event ID

2048

Event name

tmnxDcpFpDynPoolUsageHiAlmClear

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.76

Default severity

warning

Message format string

Dynamic Enforcement Pool OK again on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpFpDynPoolUsageHiAlmClear notification is generated when the dynamic enforcement policer pool usage on the forwarding plane is no longer exhausted.

Effect

Dynamic enforcement policers are available in the free pool to be allocated when needed.

Recovery

There is no recovery required for this notification.

tmnxDcpFpDynPoolUsageHiAlmRaise

Table 82. tmnxDcpFpDynPoolUsageHiAlmRaise properties

Property name

Value

Application name

SECURITY

Event ID

2047

Event name

tmnxDcpFpDynPoolUsageHiAlmRaise

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.75

Default severity

warning

Message format string

Dynamic Enforcement Pool nearly (or fully) exhausted on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpFpDynPoolUsageHiAlmRaise notification is generated when the dynamic enforcement policer pool usage on the forwarding plane is nearly exhausted.

Effect

Dynamic enforcement policers may not get allocated on the forwarding plane.

Recovery

This notification will be cleared when either the dynamic enforcement policer pool is increased or the usage drops.

tmnxFileCopied

Table 83. tmnxFileCopied properties

Property name

Value

Application name

SECURITY

Event ID

2236

Event name

tmnxFileCopied

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.61

Default severity

minor

Message format string

File $tmnxSecNotifyUrl$ copied to $tmnxSecNotifyNewUrl$ : $tmnxSecEventOutcome$

Cause

A tmnxFileCopied notification is generated when a user copies a file through the file command

Effect

N/A

Recovery

N/A

tmnxFileDeleted

Table 84. tmnxFileDeleted properties

Property name

Value

Application name

SECURITY

Event ID

2234

Event name

tmnxFileDeleted

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.59

Default severity

minor

Message format string

File $tmnxSecNotifyUrl$ delete : $tmnxSecEventOutcome$

Cause

A tmnxFileDeleted notification is generated when a user deletes a file through the file command

Effect

N/A

Recovery

N/A

tmnxFileMoved

Table 85. tmnxFileMoved properties

Property name

Value

Application name

SECURITY

Event ID

2235

Event name

tmnxFileMoved

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.60

Default severity

minor

Message format string

File $tmnxSecNotifyUrl$ move to $tmnxSecNotifyNewUrl$ : $tmnxSecEventOutcome$

Cause

A tmnxFileMoved notification is generated when a user moves a file through the file command

Effect

N/A

Recovery

N/A

tmnxKeyChainAuthFailure

Table 86. tmnxKeyChainAuthFailure properties

Property name

Value

Application name

SECURITY

Event ID

2027

Event name

tmnxKeyChainAuthFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.2

Default severity

minor

Message format string

Incoming packet from source address $tmnxKeyChainAuthAddress$ virtual router $vRtrID$ dropped due to key chain authentication failure and possible reason is $tmnxKeyChainAuthFailReason$.

Cause

The incoming packet was dropped due to key chain authentication failure. Failure could be due to the following reasons or more: - Send packet had no auth keychain but recv side had keychain enabled. - Keychain key id's did not match. - Keychain key digest mismatch. - Received packet with and invalid enhanced authentication option length. - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'.

Effect

N/A

Recovery

No recovery is necessary.

tmnxMD5AuthFailure

Table 87. tmnxMD5AuthFailure properties

Property name

Value

Application name

SECURITY

Event ID

2036

Event name

tmnxMD5AuthFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.10

Default severity

minor

Message format string

Incoming packet from source address $tmnxMD5AuthAddr$ virtual router $vRtrID$ dropped due to MD5 authentication failure and possible reason is $tmnxMD5AuthFailReason$.

Cause

The incoming packet was dropped due to MD5 authentication failure. Failure is due to digest mismatch.

Effect

N/A

Recovery

No recovery is necessary.

tmnxPasswordHashingChanged

Table 88. tmnxPasswordHashingChanged properties

Property name

Value

Application name

SECURITY

Event ID

2238

Event name

tmnxPasswordHashingChanged

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.63

Default severity

minor

Message format string

Password hashing changed from $tmnxSecNotifOldPasswordHashing$ to $tmnxSecNotifNewPasswordHashing$

Cause

The tmnxPasswordHashingChanged notification is generated upon the change of password hashing algorithm (tmnxPasswordHashing). The value of the object tmnxSecNotifNewPasswordHashing indicates the new password hashing algorithm. The value of the object tmnxSecNotifOldPasswordHashing indicates the new password hashing algorithm.

Effect

Users will be prompted to change their password upon log in to the system. All newly stored user passwords will be hashed by the algorithm defined by tmnxPasswordHashing.

Recovery

No recovery action is required.

tmnxPkiCAProfActnStatusChg

Table 89. tmnxPkiCAProfActnStatusChg properties

Property name

Value

Application name

SECURITY

Event ID

2083

Event name

tmnxPkiCAProfActnStatusChg

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.20

Default severity

minor

Message format string

$tmnxPkiCAProfActnType$ for ca-profile ( $tmnxPkiCAProfile$) $tmnxPkiCAProfActnStatus$. ca-response: $tmnxCAProfActnStatusCode$. $tmnxPkiCAProfActnStatusString$

Cause

The tmnxPkiCAProfActnStatusChg notification is generated when tmnxPkiCAProfActnStatus changes status. More information is available through tmnxPkiCAProfActnStatusString and tmnxPkiCAProfActnStatusCode.

Effect

This is due to the action performed using tmnxPkiCAProfActnTable.

Recovery

Depending on the information available in this trap, another tmnxPkiCAProfActnType request may be issued by correcting the parameters in the tmnxPkiCAProfActnTable.

tmnxPkiCAProfCrlUpdAllUrlsFail

Table 90. tmnxPkiCAProfCrlUpdAllUrlsFail properties

Property name

Value

Application name

SECURITY

Event ID

2108

Event name

tmnxPkiCAProfCrlUpdAllUrlsFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.40

Default severity

minor

Message format string

Failed to update the CRL file from $tmnxPkiCAProfUrl$ ($tmnxPkiCAProfUrlId$), the last of all the URLs for CA profile $tmnxPkiCAProfile$, due to $tmnxSecNotifFailureReason$

Cause

A tmnxPkiCAProfCrlUpdAllUrlsFail notification is generated when the CRL update operation failed after attempting all URLs for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable.

Effect

When tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop attempting to update the CRL file. The system will attempt to download the same CRL file starting from the first URL in the URL list again after 1) tmnxPkiCAProfAtCrlUpdRetryIntv (>0) seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)', or 2) tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'.

Recovery

Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct.

tmnxPkiCAProfCrlUpdateStart

Table 91. tmnxPkiCAProfCrlUpdateStart properties

Property name

Value

Application name

SECURITY

Event ID

2105

Event name

tmnxPkiCAProfCrlUpdateStart

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.37

Default severity

minor

Message format string

Started updating the CRL file for CA profile $tmnxPkiCAProfileNameForNotify$

Cause

A tmnxPkiCAProfCrlUpdateStart notification is generated when a CRL update operation is started for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable.

Effect

The system is downloading the CRL file from a URL, which is configured via tmnxPkiCAProfUrlTable.

Recovery

No recovery is required for this notification.

tmnxPkiCAProfCrlUpdateSuccess

Table 92. tmnxPkiCAProfCrlUpdateSuccess properties

Property name

Value

Application name

SECURITY

Event ID

2106

Event name

tmnxPkiCAProfCrlUpdateSuccess

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.38

Default severity

minor

Message format string

A CRL file was successfully updated from $tmnxPkiCAProfUrl$ ($tmnxPkiCAProfUrlId$) for CA profile $tmnxPkiCAProfile$

Cause

A tmnxPkiCAProfCrlUpdateSuccess notification is generated when a new valid CRL file is successfully updated for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable.

Effect

tmnxPkiCAProfileCRLFile will be replaced if the downloaded CRL file qualified. The cases that a downloaded CRL does not qualify are explained in the description clause of tmnxPkiCAProfAtCrlUpdScheduleT.

Recovery

No recovery is required for this notification.

tmnxPkiCAProfCrlUpdateUrlFail

Table 93. tmnxPkiCAProfCrlUpdateUrlFail properties

Property name

Value

Application name

SECURITY

Event ID

2107

Event name

tmnxPkiCAProfCrlUpdateUrlFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.39

Default severity

minor

Message format string

Failed to update the CRL file from $tmnxPkiCAProfUrl$ ($tmnxPkiCAProfUrlId$) due to $tmnxSecNotifFailureReason$

Cause

A tmnxPkiCAProfCrlUpdateUrlFail notification is generated when the CRL update operation has failed after attempting the indicated URL for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable. A tmnxPkiCAProfCrlUpdateUrlFail will not be sent when the URL is the last one in the URL list for an existing CA Profile. In such case, a tmnxPkiCAProfCrlUpdAllUrlsFail notification will be sent.

Effect

The system will attempt to download the CRL file from the next URL in the URL list.

Recovery

Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct.

tmnxPkiCAProfCrlUpdLargPreUpdTm

Table 94. tmnxPkiCAProfCrlUpdLargPreUpdTm properties

Property name

Value

Application name

SECURITY

Event ID

2113

Event name

tmnxPkiCAProfCrlUpdLargPreUpdTm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.45

Default severity

minor

Message format string

The CRL pre-update time for CA profile $tmnxPkiCAProfileNameForNotify$ might be too large

Cause

A tmnxPkiCAProfCrlUpdLargPreUpdTm notification is generated when the 'nextUpdate' time of a newly downloaded CRL is earlier than the last successful update time or the time of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)' plus the pre-update time. The last successful update time is stored in tmnxPkiCAProfAtCrlUpdLstSucsTmSt. The pre-update time is configured via tmnxPkiCAProfAtCrlUpdPreUpdTime.

Effect

The system will update the CRL again in tmnxPkiCAProfAtCrlUpdRetryIntv seconds rather than immediately.

Recovery

Configure tmnxPkiCAProfAtCrlUpdPreUpdTime to a value less than (the 'nextUpdate' value of the newly downloaded CRL - the last successful update time). The ideal value would be a value slightly lower than the CRL overlap period to avoid unnecessary download attempts. No recovery is needed for if the notification is generated in case of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)'.

tmnxPkiCAProfCrlUpdNoNxtUpdTime

Table 95. tmnxPkiCAProfCrlUpdNoNxtUpdTime properties

Property name

Value

Application name

SECURITY

Event ID

2110

Event name

tmnxPkiCAProfCrlUpdNoNxtUpdTime

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.42

Default severity

minor

Message format string

No further scheduled CRL update for CA profile $tmnxPkiCAProfileNameForNotify$ since either 1) the CRL update retry interval is not configured, or 2) 'nextUpdate' field is missing from the CRL, or 3) the 'nextUpdate' value is beyond the limit of the system

Cause

A tmnxPkiCAProfCrlUpdNoNxtUpdTime notification is generated when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and one of the following conditions is true: 1) The 'nextUpdate' field is missing from the CRL file or contains a value that is beyond the limit of the system 2) tmnxPkiCAProfAtCrlUpdRetryIntv is zero, and none of the configured URLs work or contain a CRL that qualifies from the first scheduled update.

Effect

The system will not download a new CRL file.

Recovery

Change tmnxPkiCAProfAtCrlUpdScheduleT to 'periodic (2)' if the system is to check for an updated CRL every tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. Otherwise, configure the tmnxPkiCAProfAtCrlUpdAdminState to 'outOfService (3)'.

tmnxPkiCAProfRevokeChkWarning

Table 96. tmnxPkiCAProfRevokeChkWarning properties

Property name

Value

Application name

SECURITY

Event ID

2093

Event name

tmnxPkiCAProfRevokeChkWarning

SNMP notification prefix and OID

N/A

Default severity

minor

Message format string

$tmnxSecNotifTunnelName$ : CRL check skipped for $skippedCert$ issued by ca-profile $tmnxPkiCAProfile$ while verifying EE cert $eeCertSubject$ due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiCAProfRevokeChkWarning notification is generated whenever a CRL verification is skipped during chain/ee certificate verification. This event is throttled.

Effect

System did not verify revocation status on the subject certificate.

Recovery

Check the value of tmnxPkiCAProfRevokeChk object for this CA profile if it is not expected.

tmnxPkiCertAfterExpWarning

Table 97. tmnxPkiCertAfterExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2096

Event name

tmnxPkiCertAfterExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.29

Default severity

minor

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ has expired.

Cause

The tmnxPkiCertAfterExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile has expired.

Effect

The indicated certificate has expired.

Recovery

Replace the indicated file with an updated certificate.

tmnxPkiCertBeforeExpWarning

Table 98. tmnxPkiCertBeforeExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2095

Event name

tmnxPkiCertBeforeExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.28

Default severity

minor

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ will expire in $tmnxPkiExpRemainingHours$ hour(s) and $tmnxPkiExpRemainingMinutes$ minute(s).

Cause

The tmnxPkiCertBeforeExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes.

Effect

The indicated certificate will expire.

Recovery

Replace the indicated file with an updated certificate.

tmnxPkiCertExpWarningCleared

Table 99. tmnxPkiCertExpWarningCleared properties

Property name

Value

Application name

SECURITY

Event ID

2097

Event name

tmnxPkiCertExpWarningCleared

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.30

Default severity

minor

Message format string

Expiration warning for certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ is no longer applicable because of the following reason: $tmnxPkiExpReason$.

Cause

The tmnxPkiCertExpWarningCleared notification is generated when the expiration warning for the certificate indicated in tmnxSecNotifFile no longer applies because of the reason indicated in tmnxPkiExpReason.

Effect

The indicated certificate is no longer going to expire.

Recovery

None needed.

tmnxPkiCertNotYetValid

Table 100. tmnxPkiCertNotYetValid properties

Property name

Value

Application name

SECURITY

Event ID

2114

Event name

tmnxPkiCertNotYetValid

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.49

Default severity

minor

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ is not yet valid.

Cause

The tmnxPkiCertNotYetValid notification is generated when the certificate indicated in tmnxSecNotifFile is not yet valid.

Effect

The indicated certificate is not usable until the 'notBefore' time is reached. If the certificate is specified in a CA-profile, then the operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState) remains down until the 'notBefore' time is reached.

Recovery

Replace tmnxSecNotifFile with a certificate file that is still valid, or wait until the 'notBefore' time specified in the certificate is reached for the system to recover itself.

tmnxPkiCertVerificationFailed

Table 101. tmnxPkiCertVerificationFailed properties

Property name

Value

Application name

SECURITY

Event ID

2044

Event name

tmnxPkiCertVerificationFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.17

Default severity

minor

Message format string

IPsec Tunnel $tmnxSecNotifTunnelName$ : Certificate $tmnxSecNotifCert$ verification failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails.

Effect

Authentication of the tunnel configured with the certificate will start to fail.

Recovery

Make sure the certificate specified in tmnxSecurityNotifCert exists and is a valid certificate.

tmnxPkiCRLAfterExpWarning

Table 102. tmnxPkiCRLAfterExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2099

Event name

tmnxPkiCRLAfterExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.32

Default severity

minor

Message format string

CRL $tmnxSecNotifFile$ has expired.

Cause

The tmnxPkiCRLAfterExpWarning notification is generated when the CRL (certificate revocation list) indicated in tmnxSecNotifFile has expired.

Effect

The indicated CRL (certificate revocation list) has expired.

Recovery

Replace the indicated file with an updated CRL (certificate revocation list).

tmnxPkiCRLBeforeExpWarning

Table 103. tmnxPkiCRLBeforeExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2098

Event name

tmnxPkiCRLBeforeExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.31

Default severity

minor

Message format string

CRL $tmnxSecNotifFile$ will expire in $tmnxPkiExpRemainingHours$ hour(s) and $tmnxPkiExpRemainingMinutes$ minute(s).

Cause

The tmnxPkiCRLBeforeExpWarning notification is generated when the CRL (certificate revocation list) indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes.

Effect

The indicated CRL (certificate revocation list) will expire.

Recovery

Replace the indicated file with an updated CRL (certificate revocation list).

tmnxPkiCRLExpWarningCleared

Table 104. tmnxPkiCRLExpWarningCleared properties

Property name

Value

Application name

SECURITY

Event ID

2100

Event name

tmnxPkiCRLExpWarningCleared

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.33

Default severity

minor

Message format string

Expiration warning for CRL $tmnxSecNotifFile$ is no longer applicable because of the following reason: $tmnxPkiExpReason$

Cause

The tmnxPkiCRLExpWarningCleared notification is generated when the expiration warning for the CRL (certificate revocation list) indicated in tmnxSecNotifFile no longer applies because of the reason indicated in tmnxPkiExpReason.

Effect

The indicated CRL (certificate revocation list) is no longer going to expire.

Recovery

None needed.

tmnxPkiCRLNotYetValid

Table 105. tmnxPkiCRLNotYetValid properties

Property name

Value

Application name

SECURITY

Event ID

2115

Event name

tmnxPkiCRLNotYetValid

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.50

Default severity

minor

Message format string

CRL $tmnxSecNotifFile$ is not yet valid.

Cause

The tmnxPkiCRLNotYetValid notification is generated when the CRL (Certificate Revocation List) indicated in tmnxSecNotifFile is not yet valid.

Effect

The CRL is not usable until the 'thisUpdate' time is reached. Unless tmnxPkiCAProfRevokeChk is configured to 'crlOptional (2)', the operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState) remains down until the 'thisUpdate' time is reached.

Recovery

Replace tmnxSecNotifFile with a CRL that is still valid, or wait until the 'thisUpdate' time specified in the CRL is reached for the system to recover itself.

tmnxPkiFileReadFailed

Table 106. tmnxPkiFileReadFailed properties

Property name

Value

Application name

SECURITY

Event ID

2043

Event name

tmnxPkiFileReadFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.16

Default severity

minor

Message format string

File $tmnxSecNotifFile$ read failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiFileReadFailed notification is generated when an attempt to read the file fails. Reason of the failure is indicated by the tmnxSecNotifFailureReason object.

Effect

Operational status of tunnels configured to use this certificate will be set to 'down'.

Recovery

Make sure the path specified in tmnxSecNotifFile is correct and the file exists.

tmnxPkiFileWriteFailed

Table 107. tmnxPkiFileWriteFailed properties

Property name

Value

Application name

SECURITY

Event ID

2109

Event name

tmnxPkiFileWriteFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.41

Default severity

minor

Message format string

File $tmnxSecNotifFile$ write failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiFileWriteFailed notification is generated when an attempt to write the file fails. Reason for the failure is indicated by the tmnxSecNotifFailureReason object.

Effect

The downloaded file is not saved to disk.

Recovery

Make sure the path specified in tmnxSecNotifFile is correct, file permission is writeable and there is sufficient disk space.

tmnxSecComputeCertChainFailure

Table 108. tmnxSecComputeCertChainFailure properties

Property name

Value

Application name

SECURITY

Event ID

2088

Event name

tmnxSecComputeCertChainFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.24

Default severity

warning

Message format string

Certificate chain of cert file $tmnxSecNotifFile$ is incomplete due to $tmnxSecNotifFailureReason$

Cause

The tmnxSecComputeCertChainFailure notification is generated when a compute chain-failure has occured.

Effect

The chain cannot be built for a configured certificate and the corresponding chain will be empty.

Recovery

Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken.

tmnxSecNotifFileReloaded

Table 109. tmnxSecNotifFileReloaded properties

Property name

Value

Application name

SECURITY

Event ID

2101

Event name

tmnxSecNotifFileReloaded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.34

Default severity

minor

Message format string

$tmnxSecNotifFileType$ file " $tmnxSecNotifFile$" has been reloaded.

Cause

The tmnxSecNotifFileReloaded notification is generated when the certificate or key indicated in tmnxSecNotifFile is reloaded. tmnxSecNotifFileType indicates whether a certificate or key has been reloaded.

Effect

The indicated certificate or key has been reloaded.

Recovery

None needed.

tmnxSecNotifKeyChainExpired

Table 110. tmnxSecNotifKeyChainExpired properties

Property name

Value

Application name

SECURITY

Event ID

2090

Event name

tmnxSecNotifKeyChainExpired

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.26

Default severity

minor

Message format string

Keychain $tmnxKeyChainName$: last entry has expired; called by $tmnxSecNotifOrigProtocol$

Cause

The tmnxSecNotifKeyChainExpired notification is generated when a protocol instance tries to use a keychain, for which the last key entry has expired.

Effect

N/A

Recovery

N/A

tmnxSecPwdHistoryFileLoadFailed

Table 111. tmnxSecPwdHistoryFileLoadFailed properties

Property name

Value

Application name

SECURITY

Event ID

2035

Event name

tmnxSecPwdHistoryFileLoadFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.35

Default severity

minor

Message format string

Failed to load the password history

Cause

The tmnxSecPwdHistoryFileLoadFailed notification is generated when the password history is enabled (tmnxPasswordHistory is not 0) for the first time and the system was unable to load and process the password history. Failure could be due to the following reasons or more: - This is the first time the password history is enabled on this system. - A previous attempt to store the password history failed. - Somebody removed or modified the password history file.

Effect

The system might not be able to compare the new user password with the user's password history from before the last reboot. If tmnxSecPwdHistLoadFailReason is set to 'notFound(1)', a new, empty history file will be created.

Recovery

Investigation might be warranted.

tmnxSecPwdHistoryFileWriteFailed

Table 112. tmnxSecPwdHistoryFileWriteFailed properties

Property name

Value

Application name

SECURITY

Event ID

2104

Event name

tmnxSecPwdHistoryFileWriteFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.36

Default severity

minor

Message format string

Failed to write the password history to disk

Cause

The tmnxSecPwdHistoryFileWriteFailed notification is generated when the system is unable to store the password history when an user's password is changed.

Effect

After a reboot, the system might not be able to compare the new user password with the user's password history.

Recovery

Ensure the compact flash is present, and all file permissions are correct.

tmnxSSHSessionFailed

Table 113. tmnxSSHSessionFailed properties

Property name

Value

Application name

SECURITY

Event ID

2240

Event name

tmnxSSHSessionFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.65

Default severity

minor

Message format string

SSH session failed from client $tmnxSecNotifyAddr$, reason '$tmnxSecSSHSessionFailedReason$'

Cause

The tmnxSSHSessionFailed notification is generated upon the failure of an SSH session establishment. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the source IP address of the user attempting to establish the SSH session. The value of the object tmnxSecSSHSessionFailedReason indicates the reason of the establishment failure.

Effect

SSH session is not established and connection is closed.

Recovery

No recovery action is required.

tmnxStateChange

Table 114. tmnxStateChange properties

Property name

Value

Application name

SECURITY

Event ID

2209

Event name

tmnxStateChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.11

Default severity

warning

Message format string

Status of $tmnxNotifyObjectName$ changed administrative state: $tmnxNotifyRowAdminState$, operational state: $tmnxNotifyRowOperState$

Cause

There was a change in either the adminstrative or operational state of a MIB table entry.

Effect

N/A

Recovery

No recovery is necessary.

tmnxSysLicenseExpiresSoon

Table 115. tmnxSysLicenseExpiresSoon properties

Property name

Value

Application name

SECURITY

Event ID

2092

Event name

tmnxSysLicenseExpiresSoon

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.60

Default severity

major

Message format string

The license installed on $tmnxHwIndex$ expires $tmnxSysLicenseTimeLeft$.

Cause

The tmnxSysLicenseExpiresSoon notification is generated when the license is due to expire soon.

Effect

The system will reboot at the end of the time remaining, as specified by tmnxSysLicenseTimeLeft.

Recovery

Configure a valid license file location and file name.

tmnxSysLicenseInvalid

Table 116. tmnxSysLicenseInvalid properties

Property name

Value

Application name

SECURITY

Event ID

2091

Event name

tmnxSysLicenseInvalid

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.59

Default severity

major

Message format string

Error - $tmnxSysLicenseErrorReason$ record. $tmnxHwIndex$ will $tmnxSysLicenseErrorAction$ $tmnxSysLicenseTimeLeft$.

Cause

The tmnxSysLicenseInvalid notification is generated when the license becomes invalid for the reason specified in tmnxSysLicenseErrorReason.

Effect

The CPM or system will reboot at the end of the time remaining, as specified by tmnxSysLicenseTimeLeft and tmnxSysLicenseErrorAction.

Recovery

Configure a valid license file location and file name, given the value of tmnxSysLicenseErrorReason.

tmnxSysLicenseValid

Table 117. tmnxSysLicenseValid properties

Property name

Value

Application name

SECURITY

Event ID

2102

Event name

tmnxSysLicenseValid

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.67

Default severity

warning

Message format string

$tmnxHwIndex$ is running with a valid license.

Cause

The tmnxSysLicenseValid notification is generated once after the system boots up and the license is determined by the system to be valid.

Effect

The system is running with the license specified in tmnxSysLicenseName.

Recovery

No recovery.

tmnxSystemPasswordChangedByAdmin

Table 118. tmnxSystemPasswordChangedByAdmin properties

Property name

Value

Application name

SECURITY

Event ID

2248

Event name

tmnxSystemPasswordChangedByAdmin

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.73

Default severity

minor

Message format string

User '$tmnxSecNotifyAdminUserName$' changed the local system ' $tmnxSecNotifyLocalSystemPassword$'

Cause

The tmnxSystemPasswordChangedByAdmin notification is generated upon the change of an administrative password by a user with administrative rights. The value of the object tmnxSecNotifyAdminUserName indicates the user name who changed the password. The value of the object tmnxSecNotifyLocalSystemPassword indicates the administrative password that was changed.

Effect

Users with administrative rights will be able to authenticate with the new password only.

Recovery

No recovery action is required.

tmnxUserPasswordChangedByAdmin

Table 119. tmnxUserPasswordChangedByAdmin properties

Property name

Value

Application name

SECURITY

Event ID

2239

Event name

tmnxUserPasswordChangedByAdmin

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.64

Default severity

minor

Message format string

User '$tmnxSecNotifyAdminUserName$' changed the password for user ' $tmnxSecNotifyLocalUserName$'

Cause

The tmnxUserPasswordChangedByAdmin notification is generated upon the change of a password of a local user by a user with administrative rights. The value of the object tmnxSecNotifyLocalUserName indicates the user name for which the password has been changed. The value of the object tmnxSecNotifyAdminUserName indicates the user name of the user who has changed the password.

Effect

Local user will be able to authenticate to the system with the new password only.

Recovery

No recovery action is required.

tmnxUsrProfSessionLimitExceeded

Table 120. tmnxUsrProfSessionLimitExceeded properties

Property name

Value

Application name

SECURITY

Event ID

2111

Event name

tmnxUsrProfSessionLimitExceeded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.43

Default severity

minor

Message format string

$tmnxSessionLimitExceededType$ of user profile ' $tmnxSessionLimitExceededName$' has been exceeded

Cause

The tmnxUsrProfSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the profile of which the user is a member has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the user profile of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded.

Effect

The user access session has not been established.

Recovery

An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxUserProfileTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's priviledges)

user_disconnect

Table 121. user_disconnect properties

Property name

Value

Application name

SECURITY

Event ID

2015

Event name

user_disconnect

SNMP notification prefix and OID

N/A

Default severity

major

Message format string

User $userName$ from $srcAddr$ logged out by $disconnectedBy$

Cause

A user was logged out by the administrator.

Effect

The user's console/telnet/ftp session terminated.

Recovery

No recovery is required

vRtrIfDcpDynamicConform

Table 122. vRtrIfDcpDynamicConform properties

Property name

Value

Application name

SECURITY

Event ID

2073

Event name

vRtrIfDcpDynamicConform

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.54

Default severity

warning

Message format string

Network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer=$vRtrIfDcpFpProtocol$(dynamic). Excd count= $vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicConform notification is generated when the protocol for a particular network-interface has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

vRtrIfDcpDynamicEnforceAlloc

Table 123. vRtrIfDcpDynamicEnforceAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2078

Event name

vRtrIfDcpDynamicEnforceAlloc

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.59

Default severity

warning

Message format string

Dynamic $vRtrIfDcpFpProtocol$ policers allocated for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$.

Cause

The vRtrIfDcpDynamicEnforceAlloc notification is generated when a dynamic enforcement policer is allocated on a particular network-interface. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected network-interface is not in conformance with the configured parameters of the associated distributed CPU protection policy and may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpDynamicEnforceFreed

Table 124. vRtrIfDcpDynamicEnforceFreed properties

Property name

Value

Application name

SECURITY

Event ID

2079

Event name

vRtrIfDcpDynamicEnforceFreed

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.60

Default severity

warning

Message format string

Dynamic $vRtrIfDcpFpProtocol$ policers freed for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Excd count= $vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicEnforceFreed notification is generated when a dynamic enforcement policer is freed on a particular network-interface. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected network-interface is now in conformance with the configured parameters of the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

vRtrIfDcpDynamicExcd

Table 125. vRtrIfDcpDynamicExcd properties

Property name

Value

Application name

SECURITY

Event ID

2067

Event name

vRtrIfDcpDynamicExcd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.48

Default severity

warning

Message format string

Non conformant network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicExcd notification is generated when the protocol on a particular network-interface has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpDynamicHoldDownEnd

Table 126. vRtrIfDcpDynamicHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2071

Event name

vRtrIfDcpDynamicHoldDownEnd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.52

Default severity

warning

Message format string

Hold-down completed for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicHoldDownEnd notification is generated when a particular network-interface completes hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol for an affected network-interface will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

vRtrIfDcpDynamicHoldDownStart

Table 127. vRtrIfDcpDynamicHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2069

Event name

vRtrIfDcpDynamicHoldDownStart

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.50

Default severity

warning

Message format string

Hold-down started for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicHoldDownStart notification is generated when a particular network-interface starts hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

vRtrIfDcpLocMonExcd

Table 128. vRtrIfDcpLocMonExcd properties

Property name

Value

Application name

SECURITY

Event ID

2074

Event name

vRtrIfDcpLocMonExcd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.55

Default severity

warning

Message format string

Local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected as non-conformant at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Excd count= $vRtrIfDcpFpLocMonExcdCount$

Cause

The vRtrIfDcpLocMonExcd notification is generated when the local-monitoring-policer for a particular network-interface has transitioned from a conformant state to a non-conformant state and the system will attempt to allocate dymanic enforcement policers. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpLocMonExcdAllDynAlloc

Table 129. vRtrIfDcpLocMonExcdAllDynAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2076

Event name

vRtrIfDcpLocMonExcdAllDynAlloc

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.57

Default severity

warning

Message format string

All dynamic policers allocated for local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Excd count=$vRtrIfDcpFpLocMonExcdCount$

Cause

The vRtrIfDcpLocMonExcdAllDynAlloc notification is generated when all dynamic enforcement policers associated with a non-conformant local-monitoring-policer have been successfully allocated for a particular network-interface. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configure to 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpLocMonExcdAllDynFreed

Table 130. vRtrIfDcpLocMonExcdAllDynFreed properties

Property name

Value

Application name

SECURITY

Event ID

2077

Event name

vRtrIfDcpLocMonExcdAllDynFreed

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.58

Default severity

warning

Message format string

All dynamic policers freed for local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$.

Cause

The vRtrIfDcpLocMonExcdAllDynFreed notification is generated for a particular network-interface when all the previously allocated dynamic enforcement policers for a particular local-monitoring-policer on the associated distributed CPU protection policy have been freed up and all the protocols are once again being monitored by local-monitor. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform.

Recovery

There is no recovery required for this notification.

vRtrIfDcpLocMonExcdDynResource

Table 131. vRtrIfDcpLocMonExcdDynResource properties

Property name

Value

Application name

SECURITY

Event ID

2075

Event name

vRtrIfDcpLocMonExcdDynResource

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.56

Default severity

warning

Message format string

Local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected as non-conformant at $vRtrIfDcpTimeEventOccured$ and cannot allocate dynamic policers. Policy $vRtrIfDCpuProtPolicy$. Excd count=$vRtrIfDcpFpLocMonExcdCount$

Cause

The vRtrIfDcpLocMonExcdDynResource notification is generated when the local-monitoring-policer for a particular network-interface has transitioned from a conformant state to a non-conformant state and the system cannot allocate all the dynamic enforcements policers associated with the distributed CPU protection policy . This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface or to the dynamic enforcement policer pool (TIMETRA-CHASSIS-MIB.mib::tmnxFPDCpuProtDynEnfrcPlcrPool).

vRtrIfDcpStaticConform

Table 132. vRtrIfDcpStaticConform properties

Property name

Value

Application name

SECURITY

Event ID

2072

Event name

vRtrIfDcpStaticConform

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.53

Default severity

warning

Message format string

Network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer=$vRtrIfDcpFpStaticPlcrName$(static). Excd count= $vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticConform notification is generated when the static-policer for a particular network-interface has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

vRtrIfDcpStaticExcd

Table 133. vRtrIfDcpStaticExcd properties

Property name

Value

Application name

SECURITY

Event ID

2066

Event name

vRtrIfDcpStaticExcd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.47

Default severity

warning

Message format string

Non conformant network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticExcd notification is generated when the static-policer on a particular network-interface has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpStaticHoldDownEnd

Table 134. vRtrIfDcpStaticHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2070

Event name

vRtrIfDcpStaticHoldDownEnd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.51

Default severity

warning

Message format string

Hold-down completed for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticHoldDownEnd notification is generated when a particular network-interface completes hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer for an affected network-interface will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

vRtrIfDcpStaticHoldDownStart

Table 135. vRtrIfDcpStaticHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2068

Event name

vRtrIfDcpStaticHoldDownStart

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.49

Default severity

warning

Message format string

Hold-down started for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticHoldDownStart notification is generated when a particular network-interface starts hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.