SECURITY

Application name

SECURITY

Event ID

2001

Event name

cli_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login.

Effect

A user access session was started.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2003

Event name

cli_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session does not begin. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2004

Event name

cli_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.46

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserCliLoginMaxAttempts notification is generated when a user attempting to open a CLI session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a CLI session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a CLI session.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated.

Recovery

No recovery action is required.

Application name

SECURITY

Event ID

2002

Event name

cli_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

A user access session ended.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2022

Event name

enable_admin

SNMP notification prefix and OID

N/A

Default severity

warning

Source stream

security

Message format string

User $userName$ from $srcAddr$ successfully entered into admin enable mode

Cause

A user successfully entered into the admin enable mode.

Effect

A user access session is started.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2021

Event name

ftp_transfer_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

$appType$ of $fileName$ initiated by $userName$ from $srcAddr$ to $dstAddr$ failed.

Cause

A FTP/TFTP transfer failed.

Effect

N/A

Recovery

No recovery is required

Application name

SECURITY

Event ID

2020

Event name

ftp_transfer_successful

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

$appType$ of $fileName$ initiated by $userName$ from $srcAddr$ to $dstAddr$ completed successfully.

Cause

A FTP/TFTP transfer completed successfully.

Effect

N/A

Recovery

No recovery is required

Application name

SECURITY

Event ID

2005

Event name

ftp_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

A user access session was started

Recovery

No recovery is required

Application name

SECURITY

Event ID

2007

Event name

ftp_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2008

Event name

ftp_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.47

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserFtpLoginMaxAttempts notification is generated when a user attempting to connect via FTP failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via FTP. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via FTP.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is terminated.

Recovery

No recovery action is required.

Application name

SECURITY

Event ID

2006

Event name

ftp_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2229

Event name

grpc_auth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC authorized

Cause

The user called an authorized RPC in the gRPC interface.

Effect

The RPC was processed.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2230

Event name

grpc_unauth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC unauthorized

Cause

The user called an unauthorized RPC in the gRPC interface.

Effect

The RPC was not processed.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2117

Event name

grpc_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

A user access session was started

Recovery

No recovery is required

Application name

SECURITY

Event ID

2119

Event name

grpc_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2120

Event name

grpc_user_login_max_attempts

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User from $srcAddr$ attempted more than $maxAttempts$ times to log in, user is locked out

Cause

A user failed to authenticate in more than the permitted number of retries.

Effect

The gRPC session was terminated.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2118

Event name

grpc_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2023

Event name

host_snmp_attempts

SNMP notification prefix and OID

N/A

Default severity

warning

Source stream

security

Message format string

Host $hostAddress$ is locked out for $lockoutTime$ minutes since it exceeded the configured threshold of unsuccessful SNMP connection attempts.

Cause

The remote SNMP host exceeded the configured attempts.

Effect

The remote SNMP host is locked out and the router will not respond to further SNMP requests from the host.

Recovery

N/A

Application name

SECURITY

Event ID

2019

Event name

mafEntryMatch

SNMP notification prefix and OID

N/A

Default severity

major

Source stream

security

Message format string

Description: $mafEntryDescription$

.There have been $mafEntryDropped$ matches since the previously logged match.

Interface: $sourceInterface$, action: $mafEntryAction$

$mafEntryProtocol$

Cause

A match has been found for an entry in the management access filter.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2223

Event name

md_cli_io

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

Possible messages:

• User $userName$ from $srcAddr$ [session ID $sessionId$]: $command$

• User $userName$ from $srcAddr$ [session ID $sessionId$]: $prompt$ $command$

Cause

The user entered an authorized command in the MD-CLI.

Effect

The CLI command was processed in the MD-CLI engine.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2224

Event name

md_cli_unauth_io

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

Possible messages:

• User $userName$ from $srcAddr$ [session ID $sessionId$]. Command not allowed for this user: $command$

• User $userName$ from $srcAddr$ [session ID $sessionId$]. Command not allowed for this user: $prompt$ $command$

Cause

The user entered an unauthorized command in the MD-CLI.

Effect

The MD-CLI command was not processed.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2227

Event name

netconf_auth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC authorized

Cause

The user called an authorized RPC in the NETCONF interface.

Effect

The RPC was processed.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2228

Event name

netconf_unauth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC unauthorized

Cause

The user called an unauthorized RPC in the NETCONF interface.

Effect

The RPC was not processed.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2121

Event name

netconf_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login.

Effect

A user access session was started.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2123

Event name

netconf_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session does not begin. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2124

Event name

netconf_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.55

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserNetconfLoginMaxAttempts notification is generated when a user attempting to open a netconf session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a netconf session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a netconf session.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated.

Recovery

No recovery action is required.

Application name

SECURITY

Event ID

2122

Event name

netconf_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

A user access session ended.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2026

Event name

radiusInetServerOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.36

Default severity

minor

Source stream

security

Message format string

RADIUS server $radiusServerInetAddress$ operational status changed to $radiusServerOperStatus$.

Cause

The operational status of a RADIUS server has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2014

Event name

radiusOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.7

Default severity

minor

Source stream

security

Message format string

RADIUS operational status changed to $radiusOperStatus$

Cause

The radiusOperStatus has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2016

Event name

radiusSystemIpAddrNotSet

SNMP notification prefix and OID

N/A

Default severity

major

Source stream

security

Message format string

System IP address is not configured

Cause

A user attempted authentication through RADIUS but the system IP address is not configured.

Effect

Cannot authenticate the user using RADIUS.

Recovery

Configure the system IP address.

Application name

SECURITY

Event ID

2220

Event name

radiusUserProfileInvalid

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

Invalid $attrType$ '$attrValue$' received from RADIUS server for user '$userName$'

Cause

The RADIUS server provided invalid user profile entry.

Effect

The RADIUS user will not be authorized to execute any commands.

Recovery

The RADIUS server configuration needs to be updated to contain only valid user profile entries.

Application name

SECURITY

Event ID

2059

Event name

sapDcpDynamicConform

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.46

Default severity

warning

Source stream

security

Message format string

Sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicConform notification is generated when the protocol for a particular SAP has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2064

Event name

sapDcpDynamicEnforceAlloc

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.51

Default severity

warning

Source stream

security

Message format string

Dynamic $sapDcpFpProtocol$ policers allocated for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$.

Cause

The sapDcpDynamicEnforceAlloc notification is generated when a dynamic enforcement policer is allocated on a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected SAP is not in conformance with the configured parameters of the associated distributed CPU protection policy and may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

Application name

SECURITY

Event ID

2065

Event name

sapDcpDynamicEnforceFreed

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.52

Default severity

warning

Source stream

security

Message format string

Dynamic $sapDcpFpProtocol$ policers freed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicEnforceFreed notification is generated when a dynamic enforcement policer is freed on a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected SAP is now in conformance with the configured parameters of the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2053

Event name

sapDcpDynamicExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.40

Default severity

warning

Source stream

security

Message format string

Non conformant sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicExcd notification is generated when the protocol on a particular SAP has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

Application name

SECURITY

Event ID

2057

Event name

sapDcpDynamicHoldDownEnd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.44

Default severity

warning

Source stream

security

Message format string

Hold-down completed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicHoldDownEnd notification is generated when a particular SAP completes hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol for an affected SAP will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2055

Event name

sapDcpDynamicHoldDownStart

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.42

Default severity

warning

Source stream

security

Message format string

Hold-down started for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicHoldDownStart notification is generated when a particular SAP starts hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2060

Event name

sapDcpLocMonExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.47

Default severity

warning

Source stream

security

Message format string

Local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ detected as non-conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count= $sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcd notification is generated when the local-monitoring-policer for a particular SAP has transitioned from a conformant state to a non-conformant state and the system will attempt to allocate dynamic enforcement policers. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

Application name

SECURITY

Event ID

2062

Event name

sapDcpLocMonExcdAllDynAlloc

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.49

Default severity

warning

Source stream

security

Message format string

All dynamic policers allocated for local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count= $sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcdAllDynAlloc notification is generated when all dynamic enforcement policers associated with a non-conformant local-monitoring-policer have been successfully allocated for a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configure to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

Application name

SECURITY

Event ID

2063

Event name

sapDcpLocMonExcdAllDynFreed

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.50

Default severity

warning

Source stream

security

Message format string

All dynamic policers freed for local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$.

Cause

The sapDcpLocMonExcdAllDynFreed notification is generated for a particular SAP when all the previously allocated dynamic enforcement policers for a particular local-monitoring-policer on the associated distributed CPU protection policy have been freed up and all the protocols are once again being monitored by local-monitor. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2061

Event name

sapDcpLocMonExcdDynResource

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.48

Default severity

warning

Source stream

security

Message format string

Local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ detected as non-conformant at $sapDcpTimeEventOccured$ and cannot allocate dynamic policers. Policy $sapDCpuProtPolicy$. Excd count=$sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcdDynResource notification is generated when the local-monitoring-policer for a particular SAP has transitioned from a conformant state to a non-conformant state and the system cannot allocate all the dynamic enforcements policers associated with the distributed CPU protection policy . This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP or to the dynamic enforcement policer pool(TIMETRA-CHASSIS-MIB.mib::tmnxFPDCpuProtDynEnfrcPlcrPool).

Application name

SECURITY

Event ID

2058

Event name

sapDcpStaticConform

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.45

Default severity

warning

Source stream

security

Message format string

Sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count=$sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticConform notification is generated when the static-policer for a particular SAP has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2052

Event name

sapDcpStaticExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.39

Default severity

warning

Source stream

security

Message format string

Non conformant sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticExcd notification is generated when the static-policer on a particular SAP has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

Application name

SECURITY

Event ID

2056

Event name

sapDcpStaticHoldDownEnd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.43

Default severity

warning

Source stream

security

Message format string

Hold-down completed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticHoldDownEnd notification is generated when a particular SAP completes hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer for an affected SAP will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2054

Event name

sapDcpStaticHoldDownStart

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.41

Default severity

warning

Source stream

security

Message format string

Hold-down started for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticHoldDownStart notification is generated when a particular SAP starts hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2024

Event name

SSH_server_preserve_key_fail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.1

Default severity

minor

Source stream

security

Message format string

Persistence of SSH server host key failed on $tmnxCpmFlashHwIndex$ with operational status $tmnxCpmFlashOperStatus$.

Cause

Persistence of the SSH server host keys failed.

Effect

The SSH server host key will differ after reboot. The remote server host key will not be stored across reboots.

Recovery

N/A

Application name

SECURITY

Event ID

2009

Event name

ssh_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

The user access session was started.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2011

Event name

ssh_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

Application name

SECURITY

Event ID

2012

Event name

ssh_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.48

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserSshLoginMaxAttempts notification is generated when a user attempting to connect via SSH failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via SSH. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via SSH.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is terminated.

Recovery

No recovery action is required.

Application name

SECURITY

Event ID

2010

Event name

ssh_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

Application name

SECURITY

Event ID

2086

Event name

sysDNSSecFailedAuthentication

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.57

Default severity

warning

Source stream

security

Message format string

Possible messages:

• Received response for ' $tmnxSysDNSSecDomainName$' from DNS Security aware server, the AD-bit is not set, response accepted

• Received response for '$tmnxSysDNSSecDomainName$' from DNS Security aware server, the AD-bit is not set, response dropped

Cause

The sysDNSSecFailedAuthentication notification is generated when a DNS response PDU is received with an unset AD-bit and sysDNSSecAdValidation is set to 'true (1)'.

Effect

This notification is informational only. The message will vary depending on the state of sysDNSSecRespCtrl.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2025

Event name

tacplusInetSrvrOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.35

Default severity

minor

Source stream

security

Message format string

TACACS+ server $tacPlusServerInetAddress$ operational status changed to $tacplusServerOperStatus$.

Cause

The operational status of a TACACS+ server has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2018

Event name

tacplusOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.20

Default severity

minor

Source stream

security

Message format string

TACACS+ operational status changed to $tacplusOperStatus$.

Cause

The TACACS+ operational status has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2116

Event name

tmnxAppPkiCertVerificationFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.54

Default severity

minor

Source stream

security

Message format string

$tmnxSecNotifClientAppName$ : Certificate $tmnxSecNotifCert$ verification failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxAppPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails for a non-IPsec application.

Effect

Fail to establish a secured connection with the remote entity.

Recovery

Make sure the certificate specified in tmnxSecNotifCert is a valid certificate and an appropriate trust anchor is configured.

Application name

SECURITY

Event ID

2045

Event name

tmnxCAProfileStateChange

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.18

Default severity

minor

Source stream

security

Message format string

CA profile $tmnxPkiCAProfile$ changed state to $tmnxPkiCAProfileOperState$ $tmnxSecNotifFailureReason$

Cause

The tmnxCAProfileStateChange notification is generated when Certificate Authority profile changes state to 'down' due to tmnxSecNotifFailureReason.

Effect

Certificate Authority profile will remain in this state until a corrective action is taken.

Recovery

Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken.

Application name

SECURITY

Event ID

2094

Event name

tmnxCAProfUpDueToRevokeChkCrlOpt

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.27

Default severity

minor

Source stream

security

Message format string

CA profile $tmnxPkiCAProfile$ changed state to $tmnxPkiCAProfileOperState$ regardless of $tmnxSecNotifFailureReason$ due to crl-optional is set

Cause

The tmnxCAProfUpDueToRevokeChkCrlOpt notification is generated when Certificate Authority profile changes state to 'up' due to tmnxPkiCAProfRevokeChk set to 'crlOptional' even with the errors in tmnxSecNotifFailureReason.

Effect

Certificate Authority profile will remain up.

Recovery

Errors described in tmnxSecNotifFailureReason should still be corrected.

Application name

SECURITY

Event ID

2233

Event name

tmnxCertExport

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.58

Default severity

minor

Source stream

security

Message format string

admin certificate export type $tmnxSecNotifyImportExportType$ input $tmnxSecNotifyUrl$ output $tmnxSecNotifFile$ format $tmnxSecNotifyImportExportFormat$ : $tmnxSecEventOutcome$

Cause

A tmnxCertExport notification is generated when a user exports a cryptographic key, certificate, or CRL with the admin certificate command

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2232

Event name

tmnxCertImport

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.57

Default severity

minor

Source stream

security

Message format string

admin certificate import type $tmnxSecNotifyImportExportType$ input $tmnxSecNotifyUrl$ output $tmnxSecNotifFile$ format $tmnxSecNotifyImportExportFormat$ : $tmnxSecEventOutcome$

Cause

A tmnxCertImport notification is generated when a user imports a cryptographic key, certificate, or CRL with the admin certificate command

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2231

Event name

tmnxCertKeyPairGen

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.56

Default severity

minor

Source stream

security

Message format string

Possible messages:

• admin certificate gen-keypair $tmnxSecNotifyUrl$ curve $tmnxSecNotifyCurve$ : $tmnxSecEventOutcome$

• admin certificate gen-keypair $tmnxSecNotifyUrl$ size $tmnxSecNotifyKeySize$ type $tmnxSecNotifyKeyType$ : $tmnxSecEventOutcome$

Cause

A tmnxCertKeyPairGen notification is generated when a user generates a cryptographic key with the admin certificate command

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2112

Event name

tmnxCliGroupSessionLimitExceeded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.44

Default severity

minor

Source stream

security

Message format string

$tmnxSessionLimitExceededType$ of CLI session group ' $tmnxSessionLimitExceededName$' has been exceeded

Cause

The tmnxCliGroupSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the CLI session group of which the user is an indirect member (as a member of a user profile that is a member of the CLI session group) has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the CLI session group of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded.

Effect

The user access session has not been established.

Recovery

An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxCliSessionGroupTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's privileges) 4) revoke the session group membership for the particular profile

Application name

SECURITY

Event ID

2207

Event name

tmnxConfigCreate

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.9

Default severity

warning

Source stream

security

Message format string

$tmnxNotifyObjectName$ managed object created

Cause

A new row entry was created in one of the MIB tables. This event can be used by an NMS to trigger maintenance polls of the configuration information. Although this log event is primarily associated with classic management interfaces (for example, Classic CLI or SNMP), it is also generated when configuration changes are committed using model driven interfaces (for example, MD-CLI or NETCONF).

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2208

Event name

tmnxConfigDelete

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.10

Default severity

warning

Source stream

security

Message format string

$tmnxNotifyObjectName$ managed object deleted

Cause

An existing row entry in one of the MIB tables is deleted. This event can be used by an NMS to trigger maintenance polls of the configuration information. Although this log event is primarily associated with classic management interfaces (for example, Classic CLI or SNMP), it is also generated when configuration changes are committed using model driven interfaces (for example, MD-CLI or NETCONF).

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2206

Event name

tmnxConfigModify

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.8

Default severity

warning

Source stream

security

Message format string

$tmnxNotifyObjectName$ configuration modified

Cause

A configuration attribute associated with a row entry in a MIB table was modified. this event can be used by an NMS to trigger maintenance polls of the configuration information. Although this log event is primarily associated with classic management interfaces (for example, Classic CLI or SNMP), it is also generated when configuration changes are committed using model driven interfaces (for example, MD-CLI or NETCONF).

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2037

Event name

tmnxCpmProtDefPolModified

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.11

Default severity

minor

Source stream

security

Message format string

Default policy $tmnxCpmProtPolId$ being modified by user.

Cause

User modifies default access or default network policy.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2041

Event name

tmnxCpmProtExcdSapEcm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.14

Default severity

warning

Source stream

security

Message format string

Eth-CFM packet arrival rate exceeded for Eth-CFM opcode $tmnxCpmProtExcdSapEcmOpCode$ domain level $tmnxCpmProtExcdSapEcmLevel$ MAC $tmnxCpmProtExcdSapEcmMac$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSapEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local SAP at a rate which exceeds the configured Eth-CFM rate limit for the stream.

Effect

One or more Eth-CFM packets arriving at the SAP was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

Application name

SECURITY

Event ID

2046

Event name

tmnxCpmProtExcdSapIp

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.19

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for IP $tmnxCpmProtExcdSapIpAddr$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSapIp notification is generated when a source (identified by an IP address) sends a packet stream to a local SAP at a rate which exceeds the SAP's configured per-source-rate. [EFFECT] One or more packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, OR increase the locally configured per-source-rate for the SAP, OR disable per-IP-source rate limiting on the SAP by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'.

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2040

Event name

tmnxCpmProtExcdSdpBind

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.13

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for MAC $tmnxCpmProtExcdSdpBindMac$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBind notification is generated when a source (identified by a MAC address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

Application name

SECURITY

Event ID

2042

Event name

tmnxCpmProtExcdSdpBindEcm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.15

Default severity

warning

Source stream

security

Message format string

Eth-CFM packet arrival rate exceeded for Eth-CFM opcode $tmnxCpmProtExcdSdpBindEcmOpCode$ domain level $tmnxCpmProtExcdSdpBindEcmLevel$ MAC $tmnxCpmProtExcdSdpBindEcmMac$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBindEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at a rate which exceeds the configured Eth-CFM rate limit for the stream.

Effect

One or more Eth-CFM packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

Application name

SECURITY

Event ID

2087

Event name

tmnxCpmProtExcdSdpBindIp

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.23

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for IP $tmnxCpmProtExcdSdpBindIpAddr$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBindIp notification is generated when a source (identified by an IP address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

Application name

SECURITY

Event ID

2030

Event name

tmnxCpmProtViolIf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.5

Default severity

warning

Source stream

security

Message format string

Overall packet arrival rate exceeded for interface $vRtrIfIndex$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A overall packet arrival rate limit violation was detected for an interface and notifications are enabled. The overall packet arrival rate limit is specified by the managed object tmnxCpmProtPolOverallRateLimit of the interface protection policy specified by the managed object TIMETRA-VRTR-MIB::vRtrIfCpmProtPolicyId. Notifications are enabled if the value of the managed object tmnxCpmProtPolAlarm of the interface protection policy specified by the managed object TIMETRA-VRTR-MIB::vRtrIfCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtPolOverallRateLimit. Additional information can be retrieved in the SNMP table tmnxCpmProtViolIfTable.

Effect

While the overall packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2085

Event name

tmnxCpmProtViolIfOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.22

Default severity

warning

Source stream

security

Message format string

Out-of-Profile control packets rate exceeded for interface $vRtrIfIndex$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolIfOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this interface.

Application name

SECURITY

Event ID

2032

Event name

tmnxCpmProtViolMac

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.7

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for MAC $tmnxCpmProtViolMacAddress$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A per-source rate limit violation was detected for a source, and notifications are enabled. The per-source rate limit is specified by the object tmnxCpmProtPolPerSrcRateLimit of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId. Notifications are enabled if the value of the object tmnxCpmProtPolAlarm of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the tmnxCpmProtPolPerSrcRateLimit Additional information can be retrieved in the table tmnxCpmProtExcdTable.

Effect

While the per-source rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2028

Event name

tmnxCpmProtViolPort

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.3

Default severity

warning

Source stream

security

Message format string

Link-specific packet arrival rate limit exceeded for port $tmnxPortPortID$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A link-specific packet arrival rate limit violation was detected for a port. The link-specific packet arrival rate limit is specified by the managed object tmnxCpmProtLinkRateLimit. This event may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtLinkRateLimit. Additional information can be retrieved from the SNMP table tmnxCpmProtViolPortTable.

Effect

While the link-specific packet arrival rate limit is being exceeded, some packets from link-specific protocols are dropped.

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2029

Event name

tmnxCpmProtViolPortAgg

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.4

Default severity

warning

Source stream

security

Message format string

Per-port overall packet rate limit exceeded for port $tmnxPortPortID$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A per-port overall packet rate limit violation was detected for a port. The per-port overall packet rate limit is specified by the managed object tmnxCpmProtPortOverallRateLimit. This event may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtPortOverallRateLimit. Additional information can be retrieved from the SNMP table tmnxCpmProtViolPortTable.

Effect

While the link-specific packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2031

Event name

tmnxCpmProtViolSap

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.6

Default severity

warning

Source stream

security

Message format string

Overall packet arrival rate exceeded for SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A overall packet arrival rate limit violation was detected for a SAP and notifications are enabled. The overall packet arrival rate limit is specified by the object tmnxCpmProtPolOverallRateLimit of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId. Notifications are enabled if the value of the object tmnxCpmProtPolAlarm of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the tmnxCpmProtPolOverallRateLimit Additional information can be retrieved in the table tmnxCpmProtViolSapTable.

Effect

While the overall packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2084

Event name

tmnxCpmProtViolSapOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.21

Default severity

warning

Source stream

security

Message format string

Out-of-Profile control packets rate exceeded for SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSapOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SAP.

Application name

SECURITY

Event ID

2039

Event name

tmnxCpmProtViolSdpBind

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.12

Default severity

warning

Source stream

security

Message format string

Overall packet arrival rate exceeded for SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSdpBind notification is generated when the packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's configured overall-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured overall-rate for the SDP.

Application name

SECURITY

Event ID

2089

Event name

tmnxCpmProtViolSdpBindOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.25

Default severity

warning

Source stream

security

Message format string

Out-of-Profile control packets rate exceeded for SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSdpBindOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SDP binding.

Application name

SECURITY

Event ID

2033

Event name

tmnxCpmProtViolVdoSvcClient

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.8

Default severity

warning

Source stream

security

Message format string

Per-source rate limit exceeded for source $tmnxCpmProtViolVdoSvcCltAddr$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

N/A

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2034

Event name

tmnxCpmProtViolVdoVrtrClient

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.9

Default severity

warning

Source stream

security

Message format string

Per-source rate limit exceeded for source $tmnxCpmProtViolVdoVrtrCltAddr$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

N/A

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2080

Event name

tmnxDcpCardFpEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.72

Default severity

warning

Source stream

security

Message format string

Distributed CPU Protection FP log event overflow occurred on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardFpEventOvrflw notification is generated when a flood of distributed CPU protection events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

Application name

SECURITY

Event ID

2049

Event name

tmnxDcpCardFpEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.77

Default severity

warning

Source stream

security

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection FP log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardFpEventOvrflwClr notification is generated when the event throttling has ended for distributed CPU protection FP events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

Application name

SECURITY

Event ID

2081

Event name

tmnxDcpCardSapEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.73

Default severity

warning

Source stream

security

Message format string

Distributed CPU Protection SAP log event overflow occurred on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardSapEventOvrflw notification is generated when a flood of distributed CPU protection SAP events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some SAP notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

Application name

SECURITY

Event ID

2050

Event name

tmnxDcpCardSapEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.78

Default severity

warning

Source stream

security

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection SAP log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardSapEventOvrflwClr notification is generated when the event throttling has ended for distributed CPU protection SAP events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

Application name

SECURITY

Event ID

2082

Event name

tmnxDcpCardVrtrIfEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.74

Default severity

warning

Source stream

security

Message format string

Distributed CPU Protection Network_if log event overflow occurred on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardVrtrIfEventOvrflw notification is generated when a flood of distributed CPU protection network-interface events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some network-interface notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

Application name

SECURITY

Event ID

2051

Event name

tmnxDcpCardVrtrIfEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.79

Default severity

warning

Source stream

security

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection Netwk_if log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardVrtrIfEventOvrflwClr notification is generated the when event throttling has ended for distributed CPU protection network-interface events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

Application name

SECURITY

Event ID

2048

Event name

tmnxDcpFpDynPoolUsageHiAlmClear

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.76

Default severity

warning

Source stream

security

Message format string

Dynamic Enforcement Pool OK again on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpFpDynPoolUsageHiAlmClear notification is generated when the dynamic enforcement policer pool usage on the forwarding plane is no longer exhausted.

Effect

Dynamic enforcement policers are available in the free pool to be allocated when needed.

Recovery

There is no recovery required for this notification.

Application name

SECURITY

Event ID

2047

Event name

tmnxDcpFpDynPoolUsageHiAlmRaise

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.75

Default severity

warning

Source stream

security

Message format string

Dynamic Enforcement Pool nearly (or fully) exhausted on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpFpDynPoolUsageHiAlmRaise notification is generated when the dynamic enforcement policer pool usage on the forwarding plane is nearly exhausted.

Effect

Dynamic enforcement policers may not get allocated on the forwarding plane.

Recovery

This notification will be cleared when either the dynamic enforcement policer pool is increased or the usage drops.

Application name

SECURITY

Event ID

2236

Event name

tmnxFileCopied

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.61

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifyUrl$ copy to $tmnxSecNotifyNewUrl$ : $tmnxSecEventOutcome$

Cause

A tmnxFileCopied notification is generated when a user copies a file through the file command

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2234

Event name

tmnxFileDeleted

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.59

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifyUrl$ delete : $tmnxSecEventOutcome$

Cause

A tmnxFileDeleted notification is generated when a user deletes a file through the file command

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2235

Event name

tmnxFileMoved

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.60

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifyUrl$ move to $tmnxSecNotifyNewUrl$ : $tmnxSecEventOutcome$

Cause

A tmnxFileMoved notification is generated when a user moves a file through the file command

Effect

N/A

Recovery

N/A

Application name

SECURITY

Event ID

2237

Event name

tmnxFileUnzip

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.62

Default severity

minor

Source stream

security

Message format string

File unzip operation completed with source $tmnxSecNotifyUrl$ destination $tmnxSecNotifyDestUrl$ and result $tmnxSecNotifFileUnzipResult$

Cause

The tmnxFileUnzip notification is generated upon the completion of an unzip operation of the source ZIP file specified by tmnxSecNotifyUrl to the destination location specified by tmnxSecNotifyDestUrl.

Effect

The result is indicated by the value of tmnxSecNotifFileUnzipResult as follows: success (0) - unzip is successful. partialSuccess (1) - unzip is partially successful, skipped some files. sourceNotFound (2) - failed - cannot find the ZIP file. sourceNotSupported (3) - failed - ZIP file is not supported. destNotFound (4) - failed - cannot find the destination URL. destFull (5) - failed - destination storage is full. fileTooBig (6) - failed - file size exceeds limit. otherFailure (7) - failed - another reason.

Recovery

No recovery action if tmnxSecNotifFileUnzipResult is success (0). Otherwise, depending on the indicated failure, corrective action should be taken before attempting another unzip operation.

Application name

SECURITY

Event ID

2027

Event name

tmnxKeyChainAuthFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.2

Default severity

minor

Source stream

security

Message format string

Incoming packet from source address $tmnxKeyChainAuthAddress$ virtual router $vRtrID$ dropped due to key chain authentication failure and possible reason is $tmnxKeyChainAuthFailReason$.

Cause

The incoming packet was dropped due to key chain authentication failure. Failure could be due to the following reasons or more: - Send packet had no auth keychain but recv side had keychain enabled. - Keychain key id's did not match. - Keychain key digest mismatch. - Received packet with and invalid enhanced authentication option length. - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2036

Event name

tmnxMD5AuthFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.10

Default severity

minor

Source stream

security

Message format string

Incoming packet from source address $tmnxMD5AuthAddr$ virtual router $vRtrID$ dropped due to MD5 authentication failure and possible reason is $tmnxMD5AuthFailReason$.

Cause

The incoming packet was dropped due to MD5 authentication failure. Failure is due to digest mismatch.

Effect

N/A

Recovery

No recovery is necessary.

Application name

SECURITY

Event ID

2238

Event name

tmnxPasswordHashingChanged

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.63

Default severity

minor

Source stream

security

Message format string

Password hashing changed from $tmnxSecNotifOldPasswordHashing$ to $tmnxSecNotifNewPasswordHashing$

Cause

The tmnxPasswordHashingChanged notification is generated upon the change of password hashing algorithm (tmnxPasswordHashing). The value of the object tmnxSecNotifNewPasswordHashing indicates the new password hashing algorithm. The value of the object tmnxSecNotifOldPasswordHashing indicates the new password hashing algorithm.

Effect

Users will be prompted to change their password upon log in to the system. All newly stored user passwords will be hashed by the algorithm defined by tmnxPasswordHashing.

Recovery

No recovery action is required.

Application name

SECURITY

Event ID

2083

Event name

tmnxPkiCAProfActnStatusChg

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.20

Default severity

minor

Source stream

security

Message format string

$tmnxPkiCAProfActnType$ for ca-profile ($tmnxPkiCAProfile$) $tmnxPkiCAProfActnStatus$. ca-response: $tmnxCAProfActnStatusCode$. $tmnxPkiCAProfActnStatusString$

Cause

The tmnxPkiCAProfActnStatusChg notification is generated when tmnxPkiCAProfActnStatus changes status. More information is available through tmnxPkiCAProfActnStatusString and tmnxPkiCAProfActnStatusCode.

Effect

This is due to the action performed using tmnxPkiCAProfActnTable.

Recovery

Depending on the information available in this trap, another tmnxPkiCAProfActnType request may be issued by correcting the parameters in the tmnxPkiCAProfActnTable.

Application name

SECURITY

Event ID

2108

Event name

tmnxPkiCAProfCrlUpdAllUrlsFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.40

Default severity

minor

Source stream

security

Message format string

Failed to update the CRL file from $tmnxPkiCAProfUrl$ ( $tmnxPkiCAProfUrlId$), the last of all the URLs for CA profile $tmnxPkiCAProfile$, due to $tmnxSecNotifFailureReason$

Cause

A tmnxPkiCAProfCrlUpdAllUrlsFail notification is generated when the CRL update operation failed after attempting all URLs for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable.

Effect

When tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop attempting to update the CRL file. The system will attempt to download the same CRL file starting from the first URL in the URL list again after 1) tmnxPkiCAProfAtCrlUpdRetryIntv (>0) seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)', or 2) tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'.

Recovery

Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct.

Application name

SECURITY

Event ID

2105

Event name

tmnxPkiCAProfCrlUpdateStart

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.37

Default severity

minor

Source stream

security

Message format string

Started updating the CRL file for CA profile $tmnxPkiCAProfileNameForNotify$

Cause

A tmnxPkiCAProfCrlUpdateStart notification is generated when a CRL update operation is started for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable.

Effect

The system is downloading the CRL file from a URL, which is configured via tmnxPkiCAProfUrlTable.

Recovery

No recovery is required for this notification.

Application name

SECURITY

Event ID

2106

Event name

tmnxPkiCAProfCrlUpdateSuccess

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.38

Default severity

minor

Source stream

security

Message format string

A CRL file was successfully updated from $tmnxPkiCAProfUrl$ ( $tmnxPkiCAProfUrlId$) for CA profile $tmnxPkiCAProfile$

Cause

A tmnxPkiCAProfCrlUpdateSuccess notification is generated when a new valid CRL file is successfully updated for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable.

Effect

tmnxPkiCAProfileCRLFile will be replaced if the downloaded CRL file qualified. The cases that a downloaded CRL does not qualify are explained in the description clause of tmnxPkiCAProfAtCrlUpdScheduleT.

Recovery

No recovery is required for this notification.

Application name

SECURITY

Event ID

2107

Event name

tmnxPkiCAProfCrlUpdateUrlFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.39

Default severity

minor

Source stream

security

Message format string

Failed to update the CRL file from $tmnxPkiCAProfUrl$ ( $tmnxPkiCAProfUrlId$) due to $tmnxSecNotifFailureReason$

Cause

A tmnxPkiCAProfCrlUpdateUrlFail notification is generated when the CRL update operation has failed after attempting the indicated URL for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable. A tmnxPkiCAProfCrlUpdateUrlFail will not be sent when the URL is the last one in the URL list for an existing CA Profile. In such case, a tmnxPkiCAProfCrlUpdAllUrlsFail notification will be sent.

Effect

The system will attempt to download the CRL file from the next URL in the URL list.

Recovery

Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct.

Application name

SECURITY

Event ID

2113

Event name

tmnxPkiCAProfCrlUpdLargPreUpdTm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.45

Default severity

minor

Source stream

security

Message format string

The CRL pre-update time for CA profile $tmnxPkiCAProfileNameForNotify$ might be too large

Cause

A tmnxPkiCAProfCrlUpdLargPreUpdTm notification is generated when the 'nextUpdate' time of a newly downloaded CRL is earlier than the last successful update time or the time of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)' plus the pre-update time. The last successful update time is stored in tmnxPkiCAProfAtCrlUpdLstSucsTmSt. The pre-update time is configured via tmnxPkiCAProfAtCrlUpdPreUpdTime.

Effect

The system will update the CRL again in tmnxPkiCAProfAtCrlUpdRetryIntv seconds rather than immediately.

Recovery

Configure tmnxPkiCAProfAtCrlUpdPreUpdTime to a value less than (the 'nextUpdate' value of the newly downloaded CRL - the last successful update time). The ideal value would be a value slightly lower than the CRL overlap period to avoid unnecessary download attempts. No recovery is needed for if the notification is generated in case of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)'.

Application name

SECURITY

Event ID

2110

Event name

tmnxPkiCAProfCrlUpdNoNxtUpdTime

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.42

Default severity

minor

Source stream

security

Message format string

No further scheduled CRL update for CA profile $tmnxPkiCAProfileNameForNotify$ since either 1) the CRL update retry interval is not configured, or 2) 'nextUpdate' field is missing from the CRL, or 3) the 'nextUpdate' value is beyond the limit of the system

Cause

A tmnxPkiCAProfCrlUpdNoNxtUpdTime notification is generated when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and one of the following conditions is true: 1) The 'nextUpdate' field is missing from the CRL file or contains a value that is beyond the limit of the system 2) tmnxPkiCAProfAtCrlUpdRetryIntv is zero, and none of the configured URLs work or contain a CRL that qualifies from the first scheduled update.

Effect

The system will not download a new CRL file.

Recovery

Change tmnxPkiCAProfAtCrlUpdScheduleT to 'periodic (2)' if the system is to check for an updated CRL every tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. Otherwise, configure the tmnxPkiCAProfAtCrlUpdAdminState to 'outOfService (3)'.

Application name

SECURITY

Event ID

2093

Event name

tmnxPkiCAProfRevokeChkWarning

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

$tmnxSecNotifTunnelName$ : CRL check skipped for $skippedCert$ issued by ca-profile $tmnxPkiCAProfile$ while verifying EE cert $eeCertSubject$ due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiCAProfRevokeChkWarning notification is generated whenever a CRL verification is skipped during chain/ee certificate verification. This event is throttled.

Effect

System did not verify revocation status on the subject certificate.

Recovery

Check the value of tmnxPkiCAProfRevokeChk object for this CA profile if it is not expected.

Application name

SECURITY

Event ID

2096

Event name

tmnxPkiCertAfterExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.29

Default severity

minor

Source stream

security

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ has expired.

Cause

The tmnxPkiCertAfterExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile has expired.

Effect

The indicated certificate has expired.

Recovery

Replace the indicated file with an updated certificate.

Application name

SECURITY

Event ID

2095

Event name

tmnxPkiCertBeforeExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.28

Default severity

minor

Source stream

security

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ will expire in $tmnxPkiExpRemainingHours$ hour(s) and $tmnxPkiExpRemainingMinutes$ minute(s).

Cause

The tmnxPkiCertBeforeExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes.

Effect

The indicated certificate will expire.

Recovery

Replace the indicated file with an updated certificate.

Application name

SECURITY

Event ID

2251

Event name

tmnxPkiCertChainCompareCaNoMatch

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.74

Default severity

minor

Source stream

main

Message format string

Compute chain for certificate file '$tmnxPkiCertFileNameNotif$': No chain contains certificate with subject DN ' $tmnxPkiCertSubjectNotif$', serial '$tmnxPkiCertSerialNumberNotif$'. Returning the first valid chain.

Cause

The tmnxPkiCertChainCompareCaNoMatch notification is generated when a compute chain for a certificate file does not include the expected (configured) CA.

Effect

The first valid chain was selected.

Recovery

Check compare chain include CA configuration (tIPsecCertProfEntryIdCompChainCa).

Application name

SECURITY

Event ID

2097

Event name

tmnxPkiCertExpWarningCleared

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.30

Default severity

minor

Source stream

security

Message format string

Expiration warning for certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ is no longer applicable because of the following reason: $tmnxPkiExpReason$.

Cause

The tmnxPkiCertExpWarningCleared notification is generated when the expiration warning for the certificate indicated in tmnxSecNotifFile no longer applies because of the reason indicated in tmnxPkiExpReason.

Effect

The indicated certificate is no longer going to expire.

Recovery