SECURITY

cli_user_login

Table 1. cli_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2001

Event name

cli_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login.

Effect

A user access session was started.

Recovery

No recovery is required

cli_user_login_failed

Table 2. cli_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2003

Event name

cli_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session does not begin. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

cli_user_login_max_attempts

Table 3. cli_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2004

Event name

cli_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.46

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserCliLoginMaxAttempts notification is generated when a user attempting to open a CLI session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a CLI session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a CLI session.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated.

Recovery

No recovery action is required.

cli_user_logout

Table 4. cli_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2002

Event name

cli_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

A user access session ended.

Recovery

No recovery is required

enable_admin

Table 5. enable_admin properties

Property name

Value

Application name

SECURITY

Event ID

2022

Event name

enable_admin

SNMP notification prefix and OID

N/A

Default severity

warning

Source stream

security

Message format string

User $userName$ from $srcAddr$ successfully entered into admin enable mode

Cause

A user successfully entered into the admin enable mode.

Effect

A user access session is started.

Recovery

No recovery is required

ftp_transfer_failed

Table 6. ftp_transfer_failed properties

Property name

Value

Application name

SECURITY

Event ID

2021

Event name

ftp_transfer_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

$appType$ of $fileName$ initiated by $userName$ from $srcAddr$ to $dstAddr$ failed.

Cause

A FTP/TFTP transfer failed.

Effect

N/A

Recovery

No recovery is required

ftp_transfer_successful

Table 7. ftp_transfer_successful properties

Property name

Value

Application name

SECURITY

Event ID

2020

Event name

ftp_transfer_successful

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

$appType$ of $fileName$ initiated by $userName$ from $srcAddr$ to $dstAddr$ completed successfully.

Cause

A FTP/TFTP transfer completed successfully.

Effect

N/A

Recovery

No recovery is required

ftp_user_login

Table 8. ftp_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2005

Event name

ftp_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

A user access session was started

Recovery

No recovery is required

ftp_user_login_failed

Table 9. ftp_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2007

Event name

ftp_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

ftp_user_login_max_attempts

Table 10. ftp_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2008

Event name

ftp_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.47

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserFtpLoginMaxAttempts notification is generated when a user attempting to connect via FTP failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via FTP. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via FTP.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is terminated.

Recovery

No recovery action is required.

ftp_user_logout

Table 11. ftp_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2006

Event name

ftp_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

grpc_auth

Table 12. grpc_auth properties

Property name

Value

Application name

SECURITY

Event ID

2229

Event name

grpc_auth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC authorized

Cause

The user called an authorized RPC in the gRPC interface.

Effect

The RPC was processed.

Recovery

No recovery is required.

grpc_unauth

Table 13. grpc_unauth properties

Property name

Value

Application name

SECURITY

Event ID

2230

Event name

grpc_unauth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC unauthorized

Cause

The user called an unauthorized RPC in the gRPC interface.

Effect

The RPC was not processed.

Recovery

No recovery is required.

grpc_user_login

Table 14. grpc_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2117

Event name

grpc_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

A user access session was started

Recovery

No recovery is required

grpc_user_login_failed

Table 15. grpc_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2119

Event name

grpc_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

grpc_user_login_max_attempts

Table 16. grpc_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2120

Event name

grpc_user_login_max_attempts

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User from $srcAddr$ attempted more than $maxAttempts$ times to log in, user is locked out

Cause

A user failed to authenticate in more than the permitted number of retries.

Effect

The gRPC session was terminated.

Recovery

No recovery is required.

grpc_user_logout

Table 17. grpc_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2118

Event name

grpc_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

host_snmp_attempts

Table 18. host_snmp_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2023

Event name

host_snmp_attempts

SNMP notification prefix and OID

N/A

Default severity

warning

Source stream

security

Message format string

Host $hostAddress$ is locked out for $lockoutTime$ minutes since it exceeded the configured threshold of unsuccessful SNMP connection attempts.

Cause

The remote SNMP host exceeded the configured attempts.

Effect

The remote SNMP host is locked out and the router will not respond to further SNMP requests from the host.

Recovery

N/A

mafEntryMatch

Table 19. mafEntryMatch properties

Property name

Value

Application name

SECURITY

Event ID

2019

Event name

mafEntryMatch

SNMP notification prefix and OID

N/A

Default severity

major

Source stream

security

Message format string

Description: $mafEntryDescription$

.There have been $mafEntryDropped$ matches since the previously logged match.

Interface: $sourceInterface$, action: $mafEntryAction$

$mafEntryProtocol$

Cause

A match has been found for an entry in the management access filter.

Effect

N/A

Recovery

No recovery is necessary.

md_cli_io

Table 20. md_cli_io properties

Property name

Value

Application name

SECURITY

Event ID

2223

Event name

md_cli_io

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

Possible messages:

  • User $userName$ from $srcAddr$ [session ID $sessionId$]: $command$

  • User $userName$ from $srcAddr$ [session ID $sessionId$]: $prompt$ $command$

Cause

The user entered an authorized command in the MD-CLI.

Effect

The CLI command was processed in the MD-CLI engine.

Recovery

No recovery is required.

md_cli_unauth_io

Table 21. md_cli_unauth_io properties

Property name

Value

Application name

SECURITY

Event ID

2224

Event name

md_cli_unauth_io

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

Possible messages:

  • User $userName$ from $srcAddr$ [session ID $sessionId$]. Command not allowed for this user: $command$

  • User $userName$ from $srcAddr$ [session ID $sessionId$]. Command not allowed for this user: $prompt$ $command$

Cause

The user entered an unauthorized command in the MD-CLI.

Effect

The MD-CLI command was not processed.

Recovery

No recovery is required.

netconf_auth

Table 22. netconf_auth properties

Property name

Value

Application name

SECURITY

Event ID

2227

Event name

netconf_auth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC authorized

Cause

The user called an authorized RPC in the NETCONF interface.

Effect

The RPC was processed.

Recovery

No recovery is required.

netconf_unauth

Table 23. netconf_unauth properties

Property name

Value

Application name

SECURITY

Event ID

2228

Event name

netconf_unauth

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ port $srcPort$ to port $dstPort$ session $sessionId$: $rpcName$ RPC unauthorized

Cause

The user called an unauthorized RPC in the NETCONF interface.

Effect

The RPC was not processed.

Recovery

No recovery is required.

netconf_user_login

Table 24. netconf_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2121

Event name

netconf_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user successfully authenticated for login.

Effect

A user access session was started.

Recovery

No recovery is required

netconf_user_login_failed

Table 25. netconf_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2123

Event name

netconf_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session does not begin. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

netconf_user_login_max_attempts

Table 26. netconf_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2124

Event name

netconf_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.55

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserNetconfLoginMaxAttempts notification is generated when a user attempting to open a netconf session failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to open a netconf session. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to open a netconf session.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is terminated.

Recovery

No recovery action is required.

netconf_user_logout

Table 27. netconf_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2122

Event name

netconf_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

A user access session ended.

Recovery

No recovery is required

radiusInetServerOperStatusChange

Table 28. radiusInetServerOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2026

Event name

radiusInetServerOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.36

Default severity

minor

Source stream

security

Message format string

RADIUS server $radiusServerInetAddress$ operational status changed to $radiusServerOperStatus$.

Cause

The operational status of a RADIUS server has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

radiusOperStatusChange

Table 29. radiusOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2014

Event name

radiusOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.7

Default severity

minor

Source stream

security

Message format string

RADIUS operational status changed to $radiusOperStatus$

Cause

The radiusOperStatus has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

radiusSystemIpAddrNotSet

Table 30. radiusSystemIpAddrNotSet properties

Property name

Value

Application name

SECURITY

Event ID

2016

Event name

radiusSystemIpAddrNotSet

SNMP notification prefix and OID

N/A

Default severity

major

Source stream

security

Message format string

System IP address is not configured

Cause

A user attempted authentication through RADIUS but the system IP address is not configured.

Effect

Cannot authenticate the user using RADIUS.

Recovery

Configure the system IP address.

radiusUserProfileInvalid

Table 31. radiusUserProfileInvalid properties

Property name

Value

Application name

SECURITY

Event ID

2220

Event name

radiusUserProfileInvalid

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

Invalid $attrType$ '$attrValue$' received from RADIUS server for user '$userName$'

Cause

The RADIUS server provided invalid user profile entry.

Effect

The RADIUS user will not be authorized to execute any commands.

Recovery

The RADIUS server configuration needs to be updated to contain only valid user profile entries.

sapDcpDynamicConform

Table 32. sapDcpDynamicConform properties

Property name

Value

Application name

SECURITY

Event ID

2059

Event name

sapDcpDynamicConform

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.46

Default severity

warning

Source stream

security

Message format string

Sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicConform notification is generated when the protocol for a particular SAP has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

sapDcpDynamicEnforceAlloc

Table 33. sapDcpDynamicEnforceAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2064

Event name

sapDcpDynamicEnforceAlloc

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.51

Default severity

warning

Source stream

security

Message format string

Dynamic $sapDcpFpProtocol$ policers allocated for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$.

Cause

The sapDcpDynamicEnforceAlloc notification is generated when a dynamic enforcement policer is allocated on a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected SAP is not in conformance with the configured parameters of the associated distributed CPU protection policy and may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpDynamicEnforceFreed

Table 34. sapDcpDynamicEnforceFreed properties

Property name

Value

Application name

SECURITY

Event ID

2065

Event name

sapDcpDynamicEnforceFreed

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.52

Default severity

warning

Source stream

security

Message format string

Dynamic $sapDcpFpProtocol$ policers freed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count=$sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicEnforceFreed notification is generated when a dynamic enforcement policer is freed on a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected SAP is now in conformance with the configured parameters of the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

sapDcpDynamicExcd

Table 35. sapDcpDynamicExcd properties

Property name

Value

Application name

SECURITY

Event ID

2053

Event name

sapDcpDynamicExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.40

Default severity

warning

Source stream

security

Message format string

Non conformant sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicExcd notification is generated when the protocol on a particular SAP has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpDynamicHoldDownEnd

Table 36. sapDcpDynamicHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2057

Event name

sapDcpDynamicHoldDownEnd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.44

Default severity

warning

Source stream

security

Message format string

Hold-down completed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicHoldDownEnd notification is generated when a particular SAP completes hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol for an affected SAP will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

sapDcpDynamicHoldDownStart

Table 37. sapDcpDynamicHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2055

Event name

sapDcpDynamicHoldDownStart

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.42

Default severity

warning

Source stream

security

Message format string

Hold-down started for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpProtocol$(dynamic). Excd count= $sapDcpFpDynExcdCount$

Cause

The sapDcpDynamicHoldDownStart notification is generated when a particular SAP starts hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

sapDcpLocMonExcd

Table 38. sapDcpLocMonExcd properties

Property name

Value

Application name

SECURITY

Event ID

2060

Event name

sapDcpLocMonExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.47

Default severity

warning

Source stream

security

Message format string

Local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ detected as non-conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count= $sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcd notification is generated when the local-monitoring-policer for a particular SAP has transitioned from a conformant state to a non-conformant state and the system will attempt to allocate dynamic enforcement policers. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpLocMonExcdAllDynAlloc

Table 39. sapDcpLocMonExcdAllDynAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2062

Event name

sapDcpLocMonExcdAllDynAlloc

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.49

Default severity

warning

Source stream

security

Message format string

All dynamic policers allocated for local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Excd count= $sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcdAllDynAlloc notification is generated when all dynamic enforcement policers associated with a non-conformant local-monitoring-policer have been successfully allocated for a particular SAP. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configure to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpLocMonExcdAllDynFreed

Table 40. sapDcpLocMonExcdAllDynFreed properties

Property name

Value

Application name

SECURITY

Event ID

2063

Event name

sapDcpLocMonExcdAllDynFreed

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.50

Default severity

warning

Source stream

security

Message format string

All dynamic policers freed for local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$.

Cause

The sapDcpLocMonExcdAllDynFreed notification is generated for a particular SAP when all the previously allocated dynamic enforcement policers for a particular local-monitoring-policer on the associated distributed CPU protection policy have been freed up and all the protocols are once again being monitored by local-monitor. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform.

Recovery

There is no recovery required for this notification.

sapDcpLocMonExcdDynResource

Table 41. sapDcpLocMonExcdDynResource properties

Property name

Value

Application name

SECURITY

Event ID

2061

Event name

sapDcpLocMonExcdDynResource

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.48

Default severity

warning

Source stream

security

Message format string

Local monitor $sapDcpFpLocMonPlcrName$ for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ detected as non-conformant at $sapDcpTimeEventOccured$ and cannot allocate dynamic policers. Policy $sapDCpuProtPolicy$. Excd count=$sapDcpFpLocMonExcdCount$

Cause

The sapDcpLocMonExcdDynResource notification is generated when the local-monitoring-policer for a particular SAP has transitioned from a conformant state to a non-conformant state and the system cannot allocate all the dynamic enforcements policers associated with the distributed CPU protection policy . This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP or to the dynamic enforcement policer pool(TIMETRA-CHASSIS-MIB.mib::tmnxFPDCpuProtDynEnfrcPlcrPool).

sapDcpStaticConform

Table 42. sapDcpStaticConform properties

Property name

Value

Application name

SECURITY

Event ID

2058

Event name

sapDcpStaticConform

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.45

Default severity

warning

Source stream

security

Message format string

Sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ newly conformant at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count=$sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticConform notification is generated when the static-policer for a particular SAP has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

sapDcpStaticExcd

Table 43. sapDcpStaticExcd properties

Property name

Value

Application name

SECURITY

Event ID

2052

Event name

sapDcpStaticExcd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.39

Default severity

warning

Source stream

security

Message format string

Non conformant sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticExcd notification is generated when the static-policer on a particular SAP has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected SAP may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected SAP may be required.

sapDcpStaticHoldDownEnd

Table 44. sapDcpStaticHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2056

Event name

sapDcpStaticHoldDownEnd

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.43

Default severity

warning

Source stream

security

Message format string

Hold-down completed for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticHoldDownEnd notification is generated when a particular SAP completes hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer for an affected SAP will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

sapDcpStaticHoldDownStart

Table 45. sapDcpStaticHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2054

Event name

sapDcpStaticHoldDownStart

SNMP notification prefix and OID

TIMETRA-SAP-MIB.sapTraps.41

Default severity

warning

Source stream

security

Message format string

Hold-down started for sap $sapEncapValue$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $sapDcpTimeEventOccured$. Policy $sapDCpuProtPolicy$. Policer=$sapDcpFpStaticPlcrName$(static). Excd count= $sapDcpFpStaticExcdCount$

Cause

The sapDcpStaticHoldDownStart notification is generated when a particular SAP starts hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

SSH_server_preserve_key_fail

Table 46. SSH_server_preserve_key_fail properties

Property name

Value

Application name

SECURITY

Event ID

2024

Event name

SSH_server_preserve_key_fail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.1

Default severity

minor

Source stream

security

Message format string

Persistence of SSH server host key failed on $tmnxCpmFlashHwIndex$ with operational status $tmnxCpmFlashOperStatus$.

Cause

Persistence of the SSH server host keys failed.

Effect

The SSH server host key will differ after reboot. The remote server host key will not be stored across reboots.

Recovery

N/A

ssh_user_login

Table 47. ssh_user_login properties

Property name

Value

Application name

SECURITY

Event ID

2009

Event name

ssh_user_login

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged in

Cause

A user was successfully authenticated for login.

Effect

The user access session was started.

Recovery

No recovery is required

ssh_user_login_failed

Table 48. ssh_user_login_failed properties

Property name

Value

Application name

SECURITY

Event ID

2011

Event name

ssh_user_login_failed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ failed authentication

Cause

A user failed authentication.

Effect

The user access session was not started. The user will be given another opportunity to authenticate himself.

Recovery

No recovery is required

ssh_user_login_max_attempts

Table 49. ssh_user_login_max_attempts properties

Property name

Value

Application name

SECURITY

Event ID

2012

Event name

ssh_user_login_max_attempts

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.48

Default severity

minor

Source stream

security

Message format string

User $tmnxSecNotifyUserName$ from $tmnxSecNotifyAddr$ attempted more than $tmnxPasswordAttemptsCount$ times to log in, user locked out for $tmnxPasswordAttemptsLockoutPeriod$ min

Cause

A tmnxUserSshLoginMaxAttempts notification is generated when a user attempting to connect via SSH failed to authenticate for more than a maximum allowed number of times in a period of tmnxPasswordAttemptsTime minutes. The value of the object tmnxPasswordAttemptsCount indicates the maximum number of unsuccessful login attempts allowed. The value of the object tmnxPasswordAttemptsLockoutPeriod indicates the number of minutes the user is locked out if the threshold of unsuccessful login attempts has been exceeded. The value of the object tmnxSecNotifyUserName indicates the name of the user attempting to connect via SSH. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the IP address of the user attempting to connect via SSH.

Effect

The user is locked out for a period of tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is terminated.

Recovery

No recovery action is required.

ssh_user_logout

Table 50. ssh_user_logout properties

Property name

Value

Application name

SECURITY

Event ID

2010

Event name

ssh_user_logout

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out

Cause

A user logged out.

Effect

The user access session ended.

Recovery

No recovery is required.

sysDNSSecFailedAuthentication

Table 51. sysDNSSecFailedAuthentication properties

Property name

Value

Application name

SECURITY

Event ID

2086

Event name

sysDNSSecFailedAuthentication

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.57

Default severity

warning

Source stream

security

Message format string

Possible messages:

  • Received response for ' $tmnxSysDNSSecDomainName$' from DNS Security aware server, the AD-bit is not set, response accepted

  • Received response for '$tmnxSysDNSSecDomainName$' from DNS Security aware server, the AD-bit is not set, response dropped

Cause

The sysDNSSecFailedAuthentication notification is generated when a DNS response PDU is received with an unset AD-bit and sysDNSSecAdValidation is set to 'true (1)'.

Effect

This notification is informational only. The message will vary depending on the state of sysDNSSecRespCtrl.

Recovery

There is no recovery required for this notification.

tacplusInetSrvrOperStatusChange

Table 52. tacplusInetSrvrOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2025

Event name

tacplusInetSrvrOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.35

Default severity

minor

Source stream

security

Message format string

TACACS+ server $tacPlusServerInetAddress$ operational status changed to $tacplusServerOperStatus$.

Cause

The operational status of a TACACS+ server has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

tacplusOperStatusChange

Table 53. tacplusOperStatusChange properties

Property name

Value

Application name

SECURITY

Event ID

2018

Event name

tacplusOperStatusChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.20

Default severity

minor

Source stream

security

Message format string

TACACS+ operational status changed to $tacplusOperStatus$.

Cause

The TACACS+ operational status has transitioned either from 'up' to 'down' or from 'down' to 'up'.

Effect

N/A

Recovery

No recovery is necessary.

tmnxAppPkiCertVerificationFailed

Table 54. tmnxAppPkiCertVerificationFailed properties

Property name

Value

Application name

SECURITY

Event ID

2116

Event name

tmnxAppPkiCertVerificationFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.54

Default severity

minor

Source stream

security

Message format string

$tmnxSecNotifClientAppName$ : Certificate $tmnxSecNotifCert$ verification failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxAppPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails for a non-IPsec application.

Effect

Fail to establish a secured connection with the remote entity.

Recovery

Make sure the certificate specified in tmnxSecNotifCert is a valid certificate and an appropriate trust anchor is configured.

tmnxCAProfileStateChange

Table 55. tmnxCAProfileStateChange properties

Property name

Value

Application name

SECURITY

Event ID

2045

Event name

tmnxCAProfileStateChange

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.18

Default severity

minor

Source stream

security

Message format string

CA profile $tmnxPkiCAProfile$ changed state to $tmnxPkiCAProfileOperState$ $tmnxSecNotifFailureReason$

Cause

The tmnxCAProfileStateChange notification is generated when Certificate Authority profile changes state to 'down' due to tmnxSecNotifFailureReason.

Effect

Certificate Authority profile will remain in this state until a corrective action is taken.

Recovery

Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken.

tmnxCAProfUpDueToRevokeChkCrlOpt

Table 56. tmnxCAProfUpDueToRevokeChkCrlOpt properties

Property name

Value

Application name

SECURITY

Event ID

2094

Event name

tmnxCAProfUpDueToRevokeChkCrlOpt

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.27

Default severity

minor

Source stream

security

Message format string

CA profile $tmnxPkiCAProfile$ changed state to $tmnxPkiCAProfileOperState$ regardless of $tmnxSecNotifFailureReason$ due to crl-optional is set

Cause

The tmnxCAProfUpDueToRevokeChkCrlOpt notification is generated when Certificate Authority profile changes state to 'up' due to tmnxPkiCAProfRevokeChk set to 'crlOptional' even with the errors in tmnxSecNotifFailureReason.

Effect

Certificate Authority profile will remain up.

Recovery

Errors described in tmnxSecNotifFailureReason should still be corrected.

tmnxCertExport

Table 57. tmnxCertExport properties

Property name

Value

Application name

SECURITY

Event ID

2233

Event name

tmnxCertExport

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.58

Default severity

minor

Source stream

security

Message format string

admin certificate export type $tmnxSecNotifyImportExportType$ input $tmnxSecNotifyUrl$ output $tmnxSecNotifFile$ format $tmnxSecNotifyImportExportFormat$ : $tmnxSecEventOutcome$

Cause

A tmnxCertExport notification is generated when a user exports a cryptographic key, certificate, or CRL with the admin certificate command

Effect

N/A

Recovery

N/A

tmnxCertImport

Table 58. tmnxCertImport properties

Property name

Value

Application name

SECURITY

Event ID

2232

Event name

tmnxCertImport

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.57

Default severity

minor

Source stream

security

Message format string

admin certificate import type $tmnxSecNotifyImportExportType$ input $tmnxSecNotifyUrl$ output $tmnxSecNotifFile$ format $tmnxSecNotifyImportExportFormat$ : $tmnxSecEventOutcome$

Cause

A tmnxCertImport notification is generated when a user imports a cryptographic key, certificate, or CRL with the admin certificate command

Effect

N/A

Recovery

N/A

tmnxCertKeyPairGen

Table 59. tmnxCertKeyPairGen properties

Property name

Value

Application name

SECURITY

Event ID

2231

Event name

tmnxCertKeyPairGen

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.56

Default severity

minor

Source stream

security

Message format string

Possible messages:

  • admin certificate gen-keypair $tmnxSecNotifyUrl$ curve $tmnxSecNotifyCurve$ : $tmnxSecEventOutcome$

  • admin certificate gen-keypair $tmnxSecNotifyUrl$ size $tmnxSecNotifyKeySize$ type $tmnxSecNotifyKeyType$ : $tmnxSecEventOutcome$

Cause

A tmnxCertKeyPairGen notification is generated when a user generates a cryptographic key with the admin certificate command

Effect

N/A

Recovery

N/A

tmnxCliGroupSessionLimitExceeded

Table 60. tmnxCliGroupSessionLimitExceeded properties

Property name

Value

Application name

SECURITY

Event ID

2112

Event name

tmnxCliGroupSessionLimitExceeded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.44

Default severity

minor

Source stream

security

Message format string

$tmnxSessionLimitExceededType$ of CLI session group ' $tmnxSessionLimitExceededName$' has been exceeded

Cause

The tmnxCliGroupSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the CLI session group of which the user is an indirect member (as a member of a user profile that is a member of the CLI session group) has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the CLI session group of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded.

Effect

The user access session has not been established.

Recovery

An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxCliSessionGroupTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's privileges) 4) revoke the session group membership for the particular profile

tmnxConfigCreate

Table 61. tmnxConfigCreate properties

Property name

Value

Application name

SECURITY

Event ID

2207

Event name

tmnxConfigCreate

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.9

Default severity

warning

Source stream

security

Message format string

$tmnxNotifyObjectName$ managed object created

Cause

A new row entry was created in one of the MIB tables. This event can be used by an NMS to trigger maintenance polls of the configuration information. Although this log event is primarily associated with classic management interfaces (for example, Classic CLI or SNMP), it is also generated when configuration changes are committed using model driven interfaces (for example, MD-CLI or NETCONF).

Effect

N/A

Recovery

No recovery is necessary.

tmnxConfigDelete

Table 62. tmnxConfigDelete properties

Property name

Value

Application name

SECURITY

Event ID

2208

Event name

tmnxConfigDelete

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.10

Default severity

warning

Source stream

security

Message format string

$tmnxNotifyObjectName$ managed object deleted

Cause

An existing row entry in one of the MIB tables is deleted. This event can be used by an NMS to trigger maintenance polls of the configuration information. Although this log event is primarily associated with classic management interfaces (for example, Classic CLI or SNMP), it is also generated when configuration changes are committed using model driven interfaces (for example, MD-CLI or NETCONF).

Effect

N/A

Recovery

No recovery is necessary.

tmnxConfigModify

Table 63. tmnxConfigModify properties

Property name

Value

Application name

SECURITY

Event ID

2206

Event name

tmnxConfigModify

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.8

Default severity

warning

Source stream

security

Message format string

$tmnxNotifyObjectName$ configuration modified

Cause

A configuration attribute associated with a row entry in a MIB table was modified. this event can be used by an NMS to trigger maintenance polls of the configuration information. Although this log event is primarily associated with classic management interfaces (for example, Classic CLI or SNMP), it is also generated when configuration changes are committed using model driven interfaces (for example, MD-CLI or NETCONF).

Effect

N/A

Recovery

No recovery is necessary.

tmnxCpmProtDefPolModified

Table 64. tmnxCpmProtDefPolModified properties

Property name

Value

Application name

SECURITY

Event ID

2037

Event name

tmnxCpmProtDefPolModified

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.11

Default severity

minor

Source stream

security

Message format string

Default policy $tmnxCpmProtPolId$ being modified by user.

Cause

User modifies default access or default network policy.

Effect

N/A

Recovery

No recovery is necessary.

tmnxCpmProtExcdSapEcm

Table 65. tmnxCpmProtExcdSapEcm properties

Property name

Value

Application name

SECURITY

Event ID

2041

Event name

tmnxCpmProtExcdSapEcm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.14

Default severity

warning

Source stream

security

Message format string

Eth-CFM packet arrival rate exceeded for Eth-CFM opcode $tmnxCpmProtExcdSapEcmOpCode$ domain level $tmnxCpmProtExcdSapEcmLevel$ MAC $tmnxCpmProtExcdSapEcmMac$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSapEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local SAP at a rate which exceeds the configured Eth-CFM rate limit for the stream.

Effect

One or more Eth-CFM packets arriving at the SAP was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

tmnxCpmProtExcdSapIp

Table 66. tmnxCpmProtExcdSapIp properties

Property name

Value

Application name

SECURITY

Event ID

2046

Event name

tmnxCpmProtExcdSapIp

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.19

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for IP $tmnxCpmProtExcdSapIpAddr$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSapIp notification is generated when a source (identified by an IP address) sends a packet stream to a local SAP at a rate which exceeds the SAP's configured per-source-rate. [EFFECT] One or more packets arriving at the SAP was discarded. [RECOVERY] Reduce the packet transmission rate at the far end, OR increase the locally configured per-source-rate for the SAP, OR disable per-IP-source rate limiting on the SAP by setting TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'.

Effect

N/A

Recovery

N/A

tmnxCpmProtExcdSdpBind

Table 67. tmnxCpmProtExcdSdpBind properties

Property name

Value

Application name

SECURITY

Event ID

2040

Event name

tmnxCpmProtExcdSdpBind

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.13

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for MAC $tmnxCpmProtExcdSdpBindMac$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBind notification is generated when a source (identified by a MAC address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

tmnxCpmProtExcdSdpBindEcm

Table 68. tmnxCpmProtExcdSdpBindEcm properties

Property name

Value

Application name

SECURITY

Event ID

2042

Event name

tmnxCpmProtExcdSdpBindEcm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.15

Default severity

warning

Source stream

security

Message format string

Eth-CFM packet arrival rate exceeded for Eth-CFM opcode $tmnxCpmProtExcdSdpBindEcmOpCode$ domain level $tmnxCpmProtExcdSdpBindEcmLevel$ MAC $tmnxCpmProtExcdSdpBindEcmMac$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBindEcm notification is generated when an Eth-CFM packet stream (identified by a source MAC address, domain level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at a rate which exceeds the configured Eth-CFM rate limit for the stream.

Effect

One or more Eth-CFM packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured Eth-CFM rate limit for the stream.

tmnxCpmProtExcdSdpBindIp

Table 69. tmnxCpmProtExcdSdpBindIp properties

Property name

Value

Application name

SECURITY

Event ID

2087

Event name

tmnxCpmProtExcdSdpBindIp

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.23

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for IP $tmnxCpmProtExcdSdpBindIpAddr$ SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtExcdSdpBindIp notification is generated when a source (identified by an IP address) sends a packet stream to a local mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured per-source-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured per-source-rate for the SDP.

tmnxCpmProtViolIf

Table 70. tmnxCpmProtViolIf properties

Property name

Value

Application name

SECURITY

Event ID

2030

Event name

tmnxCpmProtViolIf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.5

Default severity

warning

Source stream

security

Message format string

Overall packet arrival rate exceeded for interface $vRtrIfIndex$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A overall packet arrival rate limit violation was detected for an interface and notifications are enabled. The overall packet arrival rate limit is specified by the managed object tmnxCpmProtPolOverallRateLimit of the interface protection policy specified by the managed object TIMETRA-VRTR-MIB::vRtrIfCpmProtPolicyId. Notifications are enabled if the value of the managed object tmnxCpmProtPolAlarm of the interface protection policy specified by the managed object TIMETRA-VRTR-MIB::vRtrIfCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtPolOverallRateLimit. Additional information can be retrieved in the SNMP table tmnxCpmProtViolIfTable.

Effect

While the overall packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolIfOutProf

Table 71. tmnxCpmProtViolIfOutProf properties

Property name

Value

Application name

SECURITY

Event ID

2085

Event name

tmnxCpmProtViolIfOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.22

Default severity

warning

Source stream

security

Message format string

Out-of-Profile control packets rate exceeded for interface $vRtrIfIndex$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolIfOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this interface.

tmnxCpmProtViolMac

Table 72. tmnxCpmProtViolMac properties

Property name

Value

Application name

SECURITY

Event ID

2032

Event name

tmnxCpmProtViolMac

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.7

Default severity

warning

Source stream

security

Message format string

Per-source packet arrival rate exceeded for MAC $tmnxCpmProtViolMacAddress$ SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A per-source rate limit violation was detected for a source, and notifications are enabled. The per-source rate limit is specified by the object tmnxCpmProtPolPerSrcRateLimit of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId. Notifications are enabled if the value of the object tmnxCpmProtPolAlarm of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the tmnxCpmProtPolPerSrcRateLimit Additional information can be retrieved in the table tmnxCpmProtExcdTable.

Effect

While the per-source rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolPort

Table 73. tmnxCpmProtViolPort properties

Property name

Value

Application name

SECURITY

Event ID

2028

Event name

tmnxCpmProtViolPort

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.3

Default severity

warning

Source stream

security

Message format string

Link-specific packet arrival rate limit exceeded for port $tmnxPortPortID$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A link-specific packet arrival rate limit violation was detected for a port. The link-specific packet arrival rate limit is specified by the managed object tmnxCpmProtLinkRateLimit. This event may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtLinkRateLimit. Additional information can be retrieved from the SNMP table tmnxCpmProtViolPortTable.

Effect

While the link-specific packet arrival rate limit is being exceeded, some packets from link-specific protocols are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolPortAgg

Table 74. tmnxCpmProtViolPortAgg properties

Property name

Value

Application name

SECURITY

Event ID

2029

Event name

tmnxCpmProtViolPortAgg

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.4

Default severity

warning

Source stream

security

Message format string

Per-port overall packet rate limit exceeded for port $tmnxPortPortID$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A per-port overall packet rate limit violation was detected for a port. The per-port overall packet rate limit is specified by the managed object tmnxCpmProtPortOverallRateLimit. This event may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the managed object tmnxCpmProtPortOverallRateLimit. Additional information can be retrieved from the SNMP table tmnxCpmProtViolPortTable.

Effect

While the link-specific packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolSap

Table 75. tmnxCpmProtViolSap properties

Property name

Value

Application name

SECURITY

Event ID

2031

Event name

tmnxCpmProtViolSap

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.6

Default severity

warning

Source stream

security

Message format string

Overall packet arrival rate exceeded for SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

A overall packet arrival rate limit violation was detected for a SAP and notifications are enabled. The overall packet arrival rate limit is specified by the object tmnxCpmProtPolOverallRateLimit of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId. Notifications are enabled if the value of the object tmnxCpmProtPolAlarm of the SAP protection policy specified by the object TIMETRA-SAP-MIB::sapCpmProtPolicyId is equal to 'true'. The notification may indicate either a Denial-Of-Service Attack or an inappropriate configuration of the tmnxCpmProtPolOverallRateLimit Additional information can be retrieved in the table tmnxCpmProtViolSapTable.

Effect

While the overall packet arrival rate limit is being exceeded, some protocol packets are dropped.

Recovery

No recovery is necessary.

tmnxCpmProtViolSapOutProf

Table 76. tmnxCpmProtViolSapOutProf properties

Property name

Value

Application name

SECURITY

Event ID

2084

Event name

tmnxCpmProtViolSapOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.21

Default severity

warning

Source stream

security

Message format string

Out-of-Profile control packets rate exceeded for SAP $sapEncapValue$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSapOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SAP.

tmnxCpmProtViolSdpBind

Table 77. tmnxCpmProtViolSdpBind properties

Property name

Value

Application name

SECURITY

Event ID

2039

Event name

tmnxCpmProtViolSdpBind

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.12

Default severity

warning

Source stream

security

Message format string

Overall packet arrival rate exceeded for SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSdpBind notification is generated when the packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's configured overall-rate.

Effect

One or more packets arriving at the mesh-sdp or spoke-sdp was discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the locally configured overall-rate for the SDP.

tmnxCpmProtViolSdpBindOutProf

Table 78. tmnxCpmProtViolSdpBindOutProf properties

Property name

Value

Application name

SECURITY

Event ID

2089

Event name

tmnxCpmProtViolSdpBindOutProf

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.25

Default severity

warning

Source stream

security

Message format string

Out-of-Profile control packets rate exceeded for SDP Bind $sdpBindId$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

The tmnxCpmProtViolSdpBindOutProf notification is generated when the rate at which incoming control packets are marked as out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded. This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt is set to 'true'.

Effect

One or more control packets being marked as out-of-profile will be discarded.

Recovery

Reduce the packet transmission rate at the far end, or increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for this SDP binding.

tmnxCpmProtViolVdoSvcClient

Table 79. tmnxCpmProtViolVdoSvcClient properties

Property name

Value

Application name

SECURITY

Event ID

2033

Event name

tmnxCpmProtViolVdoSvcClient

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.8

Default severity

warning

Source stream

security

Message format string

Per-source rate limit exceeded for source $tmnxCpmProtViolVdoSvcCltAddr$ in service $svcId$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

N/A

Effect

N/A

Recovery

N/A

tmnxCpmProtViolVdoVrtrClient

Table 80. tmnxCpmProtViolVdoVrtrClient properties

Property name

Value

Application name

SECURITY

Event ID

2034

Event name

tmnxCpmProtViolVdoVrtrClient

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.9

Default severity

warning

Source stream

security

Message format string

Per-source rate limit exceeded for source $tmnxCpmProtViolVdoVrtrCltAddr$. Hex Dump(First 64 bytes): $tmnxCpmProtViolExcdPktHexDump$

Cause

N/A

Effect

N/A

Recovery

N/A

tmnxDcpCardFpEventOvrflw

Table 81. tmnxDcpCardFpEventOvrflw properties

Property name

Value

Application name

SECURITY

Event ID

2080

Event name

tmnxDcpCardFpEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.72

Default severity

warning

Source stream

security

Message format string

Distributed CPU Protection FP log event overflow occurred on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardFpEventOvrflw notification is generated when a flood of distributed CPU protection events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

tmnxDcpCardFpEventOvrflwClr

Table 82. tmnxDcpCardFpEventOvrflwClr properties

Property name

Value

Application name

SECURITY

Event ID

2049

Event name

tmnxDcpCardFpEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.77

Default severity

warning

Source stream

security

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection FP log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardFpEventOvrflwClr notification is generated when the event throttling has ended for distributed CPU protection FP events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

tmnxDcpCardSapEventOvrflw

Table 83. tmnxDcpCardSapEventOvrflw properties

Property name

Value

Application name

SECURITY

Event ID

2081

Event name

tmnxDcpCardSapEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.73

Default severity

warning

Source stream

security

Message format string

Distributed CPU Protection SAP log event overflow occurred on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardSapEventOvrflw notification is generated when a flood of distributed CPU protection SAP events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some SAP notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

tmnxDcpCardSapEventOvrflwClr

Table 84. tmnxDcpCardSapEventOvrflwClr properties

Property name

Value

Application name

SECURITY

Event ID

2050

Event name

tmnxDcpCardSapEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.78

Default severity

warning

Source stream

security

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection SAP log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardSapEventOvrflwClr notification is generated when the event throttling has ended for distributed CPU protection SAP events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

tmnxDcpCardVrtrIfEventOvrflw

Table 85. tmnxDcpCardVrtrIfEventOvrflw properties

Property name

Value

Application name

SECURITY

Event ID

2082

Event name

tmnxDcpCardVrtrIfEventOvrflw

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.74

Default severity

warning

Source stream

security

Message format string

Distributed CPU Protection Network_if log event overflow occurred on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardVrtrIfEventOvrflw notification is generated when a flood of distributed CPU protection network-interface events occur on a particular card and some of the events are lost due to event throttling mechanism.

Effect

Some network-interface notifications configured on the card may not be received.

Recovery

Notifications will resume once the event throttling ends.

tmnxDcpCardVrtrIfEventOvrflwClr

Table 86. tmnxDcpCardVrtrIfEventOvrflwClr properties

Property name

Value

Application name

SECURITY

Event ID

2051

Event name

tmnxDcpCardVrtrIfEventOvrflwClr

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.79

Default severity

warning

Source stream

security

Message format string

$tmnxDcpMissingNotificationCount$ Distributed CPU Protection Netwk_if log events were dropped in the last event throttling interval on card $tmnxChassisNotifyCardSlotNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpCardVrtrIfEventOvrflwClr notification is generated the when event throttling has ended for distributed CPU protection network-interface events on a particular card.

Effect

Notifications are received again since the event throttling has ended.

Recovery

There is no recovery for this notification.

tmnxDcpFpDynPoolUsageHiAlmClear

Table 87. tmnxDcpFpDynPoolUsageHiAlmClear properties

Property name

Value

Application name

SECURITY

Event ID

2048

Event name

tmnxDcpFpDynPoolUsageHiAlmClear

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.76

Default severity

warning

Source stream

security

Message format string

Dynamic Enforcement Pool OK again on fp $tmnxCardSlotNum$/ $tmnxFPNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpFpDynPoolUsageHiAlmClear notification is generated when the dynamic enforcement policer pool usage on the forwarding plane is no longer exhausted.

Effect

Dynamic enforcement policers are available in the free pool to be allocated when needed.

Recovery

There is no recovery required for this notification.

tmnxDcpFpDynPoolUsageHiAlmRaise

Table 88. tmnxDcpFpDynPoolUsageHiAlmRaise properties

Property name

Value

Application name

SECURITY

Event ID

2047

Event name

tmnxDcpFpDynPoolUsageHiAlmRaise

SNMP notification prefix and OID

TIMETRA-CHASSIS-MIB.tmnxChassisNotification.75

Default severity

warning

Source stream

security

Message format string

Dynamic Enforcement Pool nearly (or fully) exhausted on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $tmnxDcpTimeEventOccured$

Cause

The tmnxDcpFpDynPoolUsageHiAlmRaise notification is generated when the dynamic enforcement policer pool usage on the forwarding plane is nearly exhausted.

Effect

Dynamic enforcement policers may not get allocated on the forwarding plane.

Recovery

This notification will be cleared when either the dynamic enforcement policer pool is increased or the usage drops.

tmnxFileCopied

Table 89. tmnxFileCopied properties

Property name

Value

Application name

SECURITY

Event ID

2236

Event name

tmnxFileCopied

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.61

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifyUrl$ copy to $tmnxSecNotifyNewUrl$ : $tmnxSecEventOutcome$

Cause

A tmnxFileCopied notification is generated when a user copies a file through the file command

Effect

N/A

Recovery

N/A

tmnxFileDeleted

Table 90. tmnxFileDeleted properties

Property name

Value

Application name

SECURITY

Event ID

2234

Event name

tmnxFileDeleted

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.59

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifyUrl$ delete : $tmnxSecEventOutcome$

Cause

A tmnxFileDeleted notification is generated when a user deletes a file through the file command

Effect

N/A

Recovery

N/A

tmnxFileMoved

Table 91. tmnxFileMoved properties

Property name

Value

Application name

SECURITY

Event ID

2235

Event name

tmnxFileMoved

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.60

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifyUrl$ move to $tmnxSecNotifyNewUrl$ : $tmnxSecEventOutcome$

Cause

A tmnxFileMoved notification is generated when a user moves a file through the file command

Effect

N/A

Recovery

N/A

tmnxFileUnzip

Table 92. tmnxFileUnzip properties

Property name

Value

Application name

SECURITY

Event ID

2237

Event name

tmnxFileUnzip

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.62

Default severity

minor

Source stream

security

Message format string

File unzip operation completed with source $tmnxSecNotifyUrl$ destination $tmnxSecNotifyDestUrl$ and result $tmnxSecNotifFileUnzipResult$

Cause

The tmnxFileUnzip notification is generated upon the completion of an unzip operation of the source ZIP file specified by tmnxSecNotifyUrl to the destination location specified by tmnxSecNotifyDestUrl.

Effect

The result is indicated by the value of tmnxSecNotifFileUnzipResult as follows: success (0) - unzip is successful. partialSuccess (1) - unzip is partially successful, skipped some files. sourceNotFound (2) - failed - cannot find the ZIP file. sourceNotSupported (3) - failed - ZIP file is not supported. destNotFound (4) - failed - cannot find the destination URL. destFull (5) - failed - destination storage is full. fileTooBig (6) - failed - file size exceeds limit. otherFailure (7) - failed - another reason.

Recovery

No recovery action if tmnxSecNotifFileUnzipResult is success (0). Otherwise, depending on the indicated failure, corrective action should be taken before attempting another unzip operation.

tmnxKeyChainAuthFailure

Table 93. tmnxKeyChainAuthFailure properties

Property name

Value

Application name

SECURITY

Event ID

2027

Event name

tmnxKeyChainAuthFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.2

Default severity

minor

Source stream

security

Message format string

Incoming packet from source address $tmnxKeyChainAuthAddress$ virtual router $vRtrID$ dropped due to key chain authentication failure and possible reason is $tmnxKeyChainAuthFailReason$.

Cause

The incoming packet was dropped due to key chain authentication failure. Failure could be due to the following reasons or more: - Send packet had no auth keychain but recv side had keychain enabled. - Keychain key id's did not match. - Keychain key digest mismatch. - Received packet with and invalid enhanced authentication option length. - For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'.

Effect

N/A

Recovery

No recovery is necessary.

tmnxMD5AuthFailure

Table 94. tmnxMD5AuthFailure properties

Property name

Value

Application name

SECURITY

Event ID

2036

Event name

tmnxMD5AuthFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.10

Default severity

minor

Source stream

security

Message format string

Incoming packet from source address $tmnxMD5AuthAddr$ virtual router $vRtrID$ dropped due to MD5 authentication failure and possible reason is $tmnxMD5AuthFailReason$.

Cause

The incoming packet was dropped due to MD5 authentication failure. Failure is due to digest mismatch.

Effect

N/A

Recovery

No recovery is necessary.

tmnxPasswordHashingChanged

Table 95. tmnxPasswordHashingChanged properties

Property name

Value

Application name

SECURITY

Event ID

2238

Event name

tmnxPasswordHashingChanged

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.63

Default severity

minor

Source stream

security

Message format string

Password hashing changed from $tmnxSecNotifOldPasswordHashing$ to $tmnxSecNotifNewPasswordHashing$

Cause

The tmnxPasswordHashingChanged notification is generated upon the change of password hashing algorithm (tmnxPasswordHashing). The value of the object tmnxSecNotifNewPasswordHashing indicates the new password hashing algorithm. The value of the object tmnxSecNotifOldPasswordHashing indicates the new password hashing algorithm.

Effect

Users will be prompted to change their password upon log in to the system. All newly stored user passwords will be hashed by the algorithm defined by tmnxPasswordHashing.

Recovery

No recovery action is required.

tmnxPkiCAProfActnStatusChg

Table 96. tmnxPkiCAProfActnStatusChg properties

Property name

Value

Application name

SECURITY

Event ID

2083

Event name

tmnxPkiCAProfActnStatusChg

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.20

Default severity

minor

Source stream

security

Message format string

$tmnxPkiCAProfActnType$ for ca-profile ($tmnxPkiCAProfile$) $tmnxPkiCAProfActnStatus$. ca-response: $tmnxCAProfActnStatusCode$. $tmnxPkiCAProfActnStatusString$

Cause

The tmnxPkiCAProfActnStatusChg notification is generated when tmnxPkiCAProfActnStatus changes status. More information is available through tmnxPkiCAProfActnStatusString and tmnxPkiCAProfActnStatusCode.

Effect

This is due to the action performed using tmnxPkiCAProfActnTable.

Recovery

Depending on the information available in this trap, another tmnxPkiCAProfActnType request may be issued by correcting the parameters in the tmnxPkiCAProfActnTable.

tmnxPkiCAProfCrlUpdAllUrlsFail

Table 97. tmnxPkiCAProfCrlUpdAllUrlsFail properties

Property name

Value

Application name

SECURITY

Event ID

2108

Event name

tmnxPkiCAProfCrlUpdAllUrlsFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.40

Default severity

minor

Source stream

security

Message format string

Failed to update the CRL file from $tmnxPkiCAProfUrl$ ( $tmnxPkiCAProfUrlId$), the last of all the URLs for CA profile $tmnxPkiCAProfile$, due to $tmnxSecNotifFailureReason$

Cause

A tmnxPkiCAProfCrlUpdAllUrlsFail notification is generated when the CRL update operation failed after attempting all URLs for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable.

Effect

When tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop attempting to update the CRL file. The system will attempt to download the same CRL file starting from the first URL in the URL list again after 1) tmnxPkiCAProfAtCrlUpdRetryIntv (>0) seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)', or 2) tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds, when tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'.

Recovery

Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct.

tmnxPkiCAProfCrlUpdateStart

Table 98. tmnxPkiCAProfCrlUpdateStart properties

Property name

Value

Application name

SECURITY

Event ID

2105

Event name

tmnxPkiCAProfCrlUpdateStart

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.37

Default severity

minor

Source stream

security

Message format string

Started updating the CRL file for CA profile $tmnxPkiCAProfileNameForNotify$

Cause

A tmnxPkiCAProfCrlUpdateStart notification is generated when a CRL update operation is started for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable.

Effect

The system is downloading the CRL file from a URL, which is configured via tmnxPkiCAProfUrlTable.

Recovery

No recovery is required for this notification.

tmnxPkiCAProfCrlUpdateSuccess

Table 99. tmnxPkiCAProfCrlUpdateSuccess properties

Property name

Value

Application name

SECURITY

Event ID

2106

Event name

tmnxPkiCAProfCrlUpdateSuccess

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.38

Default severity

minor

Source stream

security

Message format string

A CRL file was successfully updated from $tmnxPkiCAProfUrl$ ( $tmnxPkiCAProfUrlId$) for CA profile $tmnxPkiCAProfile$

Cause

A tmnxPkiCAProfCrlUpdateSuccess notification is generated when a new valid CRL file is successfully updated for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable.

Effect

tmnxPkiCAProfileCRLFile will be replaced if the downloaded CRL file qualified. The cases that a downloaded CRL does not qualify are explained in the description clause of tmnxPkiCAProfAtCrlUpdScheduleT.

Recovery

No recovery is required for this notification.

tmnxPkiCAProfCrlUpdateUrlFail

Table 100. tmnxPkiCAProfCrlUpdateUrlFail properties

Property name

Value

Application name

SECURITY

Event ID

2107

Event name

tmnxPkiCAProfCrlUpdateUrlFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.39

Default severity

minor

Source stream

security

Message format string

Failed to update the CRL file from $tmnxPkiCAProfUrl$ ( $tmnxPkiCAProfUrlId$) due to $tmnxSecNotifFailureReason$

Cause

A tmnxPkiCAProfCrlUpdateUrlFail notification is generated when the CRL update operation has failed after attempting the indicated URL for an existing CA Profile. The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an existing CA Profile are configured via tmnxPkiCAProfUrlTable. A tmnxPkiCAProfCrlUpdateUrlFail will not be sent when the URL is the last one in the URL list for an existing CA Profile. In such case, a tmnxPkiCAProfCrlUpdAllUrlsFail notification will be sent.

Effect

The system will attempt to download the CRL file from the next URL in the URL list.

Recovery

Make sure the URLs specified in tmnxPkiCAProfUrlTable are correct.

tmnxPkiCAProfCrlUpdLargPreUpdTm

Table 101. tmnxPkiCAProfCrlUpdLargPreUpdTm properties

Property name

Value

Application name

SECURITY

Event ID

2113

Event name

tmnxPkiCAProfCrlUpdLargPreUpdTm

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.45

Default severity

minor

Source stream

security

Message format string

The CRL pre-update time for CA profile $tmnxPkiCAProfileNameForNotify$ might be too large

Cause

A tmnxPkiCAProfCrlUpdLargPreUpdTm notification is generated when the 'nextUpdate' time of a newly downloaded CRL is earlier than the last successful update time or the time of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)' plus the pre-update time. The last successful update time is stored in tmnxPkiCAProfAtCrlUpdLstSucsTmSt. The pre-update time is configured via tmnxPkiCAProfAtCrlUpdPreUpdTime.

Effect

The system will update the CRL again in tmnxPkiCAProfAtCrlUpdRetryIntv seconds rather than immediately.

Recovery

Configure tmnxPkiCAProfAtCrlUpdPreUpdTime to a value less than (the 'nextUpdate' value of the newly downloaded CRL - the last successful update time). The ideal value would be a value slightly lower than the CRL overlap period to avoid unnecessary download attempts. No recovery is needed for if the notification is generated in case of setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)'.

tmnxPkiCAProfCrlUpdNoNxtUpdTime

Table 102. tmnxPkiCAProfCrlUpdNoNxtUpdTime properties

Property name

Value

Application name

SECURITY

Event ID

2110

Event name

tmnxPkiCAProfCrlUpdNoNxtUpdTime

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.42

Default severity

minor

Source stream

security

Message format string

No further scheduled CRL update for CA profile $tmnxPkiCAProfileNameForNotify$ since either 1) the CRL update retry interval is not configured, or 2) 'nextUpdate' field is missing from the CRL, or 3) the 'nextUpdate' value is beyond the limit of the system

Cause

A tmnxPkiCAProfCrlUpdNoNxtUpdTime notification is generated when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and one of the following conditions is true: 1) The 'nextUpdate' field is missing from the CRL file or contains a value that is beyond the limit of the system 2) tmnxPkiCAProfAtCrlUpdRetryIntv is zero, and none of the configured URLs work or contain a CRL that qualifies from the first scheduled update.

Effect

The system will not download a new CRL file.

Recovery

Change tmnxPkiCAProfAtCrlUpdScheduleT to 'periodic (2)' if the system is to check for an updated CRL every tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. Otherwise, configure the tmnxPkiCAProfAtCrlUpdAdminState to 'outOfService (3)'.

tmnxPkiCAProfRevokeChkWarning

Table 103. tmnxPkiCAProfRevokeChkWarning properties

Property name

Value

Application name

SECURITY

Event ID

2093

Event name

tmnxPkiCAProfRevokeChkWarning

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

$tmnxSecNotifTunnelName$ : CRL check skipped for $skippedCert$ issued by ca-profile $tmnxPkiCAProfile$ while verifying EE cert $eeCertSubject$ due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiCAProfRevokeChkWarning notification is generated whenever a CRL verification is skipped during chain/ee certificate verification. This event is throttled.

Effect

System did not verify revocation status on the subject certificate.

Recovery

Check the value of tmnxPkiCAProfRevokeChk object for this CA profile if it is not expected.

tmnxPkiCertAfterExpWarning

Table 104. tmnxPkiCertAfterExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2096

Event name

tmnxPkiCertAfterExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.29

Default severity

minor

Source stream

security

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ has expired.

Cause

The tmnxPkiCertAfterExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile has expired.

Effect

The indicated certificate has expired.

Recovery

Replace the indicated file with an updated certificate.

tmnxPkiCertBeforeExpWarning

Table 105. tmnxPkiCertBeforeExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2095

Event name

tmnxPkiCertBeforeExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.28

Default severity

minor

Source stream

security

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ will expire in $tmnxPkiExpRemainingHours$ hour(s) and $tmnxPkiExpRemainingMinutes$ minute(s).

Cause

The tmnxPkiCertBeforeExpWarning notification is generated when the certificate indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes.

Effect

The indicated certificate will expire.

Recovery

Replace the indicated file with an updated certificate.

tmnxPkiCertChainCompareCaNoMatch

Table 106. tmnxPkiCertChainCompareCaNoMatch properties

Property name

Value

Application name

SECURITY

Event ID

2251

Event name

tmnxPkiCertChainCompareCaNoMatch

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.74

Default severity

minor

Source stream

main

Message format string

Compute chain for certificate file '$tmnxPkiCertFileNameNotif$': No chain contains certificate with subject DN ' $tmnxPkiCertSubjectNotif$', serial '$tmnxPkiCertSerialNumberNotif$'. Returning the first valid chain.

Cause

The tmnxPkiCertChainCompareCaNoMatch notification is generated when a compute chain for a certificate file does not include the expected (configured) CA.

Effect

The first valid chain was selected.

Recovery

Check compare chain include CA configuration (tIPsecCertProfEntryIdCompChainCa).

tmnxPkiCertExpWarningCleared

Table 107. tmnxPkiCertExpWarningCleared properties

Property name

Value

Application name

SECURITY

Event ID

2097

Event name

tmnxPkiCertExpWarningCleared

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.30

Default severity

minor

Source stream

security

Message format string

Expiration warning for certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ is no longer applicable because of the following reason: $tmnxPkiExpReason$.

Cause

The tmnxPkiCertExpWarningCleared notification is generated when the expiration warning for the certificate indicated in tmnxSecNotifFile no longer applies because of the reason indicated in tmnxPkiExpReason.

Effect

The indicated certificate is no longer going to expire.

Recovery

None needed.

tmnxPkiCertNotYetValid

Table 108. tmnxPkiCertNotYetValid properties

Property name

Value

Application name

SECURITY

Event ID

2114

Event name

tmnxPkiCertNotYetValid

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.49

Default severity

minor

Source stream

security

Message format string

Certificate $tmnxSecNotifFile$ used by $tmnxSecNotifClientAppName$ is not yet valid.

Cause

The tmnxPkiCertNotYetValid notification is generated when the certificate indicated in tmnxSecNotifFile is not yet valid.

Effect

The indicated certificate is not usable until the 'notBefore' time is reached. If the certificate is specified in a CA-profile, then the operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState) remains down until the 'notBefore' time is reached.

Recovery

Replace tmnxSecNotifFile with a certificate file that is still valid, or wait until the 'notBefore' time specified in the certificate is reached for the system to recover itself.

tmnxPkiCertUpdUpdateFailed

Table 109. tmnxPkiCertUpdUpdateFailed properties

Property name

Value

Application name

SECURITY

Event ID

2247

Event name

tmnxPkiCertUpdUpdateFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.72

Default severity

minor

Source stream

security

Message format string

Certificate file: $tmnxPkiCertUpdCertFileNameNotif$ - Update failed - Reason: $tmnxPkiCertUpdFailureReasonNotif$

Cause

The tmnxPkiCertUpdUpdateStarted notification is sent when an X509 certificate update fails.

Effect

The certificate was not updated. Update attempts will continually repeat if the failure was caused by an external server.

Recovery

Check certificate update profile and auto update configuration and attempt to update again.

tmnxPkiCertUpdUpdateFinished

Table 110. tmnxPkiCertUpdUpdateFinished properties

Property name

Value

Application name

SECURITY

Event ID

2246

Event name

tmnxPkiCertUpdUpdateFinished

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.71

Default severity

minor

Source stream

security

Message format string

Certificate file: $tmnxPkiCertUpdCertFileNameNotif$ - Update finished - Serial number: $tmnxPkiCertUpdSerialNumberNotif$ - Subject: $tmnxPkiCertUpdSubjectNotif$

Cause

The tmnxPkiCertUpdUpdateStarted notification is sent when an X509 certificate update finishes.

Effect

The certificate was updated.

Recovery

Check certificate update profile configuration and attempt to update again.

tmnxPkiCertUpdUpdateStarted

Table 111. tmnxPkiCertUpdUpdateStarted properties

Property name

Value

Application name

SECURITY

Event ID

2245

Event name

tmnxPkiCertUpdUpdateStarted

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.70

Default severity

minor

Source stream

security

Message format string

Certificate file: $tmnxPkiCertUpdCertFileNameNotif$ - Update started

Cause

The tmnxPkiCertUpdUpdateStarted notification is sent when an X509 certificate update starts as specified by a tmnxPkiCertUpdProfileName.

Effect

The certificate will attempt to update.

Recovery

No recovery action is required.

tmnxPkiCertVerificationFailed

Table 112. tmnxPkiCertVerificationFailed properties

Property name

Value

Application name

SECURITY

Event ID

2044

Event name

tmnxPkiCertVerificationFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.17

Default severity

minor

Source stream

security

Message format string

IPsec Tunnel $tmnxSecNotifTunnelName$ : Certificate $tmnxSecNotifCert$ verification failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiCertVerificationFailed notification is generated when an attempt to verify the certificate fails.

Effect

Authentication of the tunnel configured with the certificate will start to fail.

Recovery

Make sure the certificate specified in tmnxSecurityNotifCert exists and is a valid certificate.

tmnxPkiCRLAfterExpWarning

Table 113. tmnxPkiCRLAfterExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2099

Event name

tmnxPkiCRLAfterExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.32

Default severity

minor

Source stream

security

Message format string

CRL $tmnxSecNotifFile$ has expired.

Cause

The tmnxPkiCRLAfterExpWarning notification is generated when the CRL (certificate revocation list) indicated in tmnxSecNotifFile has expired.

Effect

The indicated CRL (certificate revocation list) has expired.

Recovery

Replace the indicated file with an updated CRL (certificate revocation list).

tmnxPkiCRLBeforeExpWarning

Table 114. tmnxPkiCRLBeforeExpWarning properties

Property name

Value

Application name

SECURITY

Event ID

2098

Event name

tmnxPkiCRLBeforeExpWarning

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.31

Default severity

minor

Source stream

security

Message format string

CRL $tmnxSecNotifFile$ will expire in $tmnxPkiExpRemainingHours$ hour(s) and $tmnxPkiExpRemainingMinutes$ minute(s).

Cause

The tmnxPkiCRLBeforeExpWarning notification is generated when the CRL (certificate revocation list) indicated in tmnxSecNotifFile will expire in the time period indicated by tmnxPkiExpRemainingHours and tmnxPkiExpRemainingMinutes.

Effect

The indicated CRL (certificate revocation list) will expire.

Recovery

Replace the indicated file with an updated CRL (certificate revocation list).

tmnxPkiCRLExpWarningCleared

Table 115. tmnxPkiCRLExpWarningCleared properties

Property name

Value

Application name

SECURITY

Event ID

2100

Event name

tmnxPkiCRLExpWarningCleared

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.33

Default severity

minor

Source stream

security

Message format string

Expiration warning for CRL $tmnxSecNotifFile$ is no longer applicable because of the following reason: $tmnxPkiExpReason$

Cause

The tmnxPkiCRLExpWarningCleared notification is generated when the expiration warning for the CRL (certificate revocation list) indicated in tmnxSecNotifFile no longer applies because of the reason indicated in tmnxPkiExpReason.

Effect

The indicated CRL (certificate revocation list) is no longer going to expire.

Recovery

None needed.

tmnxPkiCRLNotYetValid

Table 116. tmnxPkiCRLNotYetValid properties

Property name

Value

Application name

SECURITY

Event ID

2115

Event name

tmnxPkiCRLNotYetValid

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.50

Default severity

minor

Source stream

security

Message format string

CRL $tmnxSecNotifFile$ is not yet valid.

Cause

The tmnxPkiCRLNotYetValid notification is generated when the CRL (Certificate Revocation List) indicated in tmnxSecNotifFile is not yet valid.

Effect

The CRL is not usable until the 'thisUpdate' time is reached. Unless tmnxPkiCAProfRevokeChk is configured to 'crlOptional (2)', the operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState) remains down until the 'thisUpdate' time is reached.

Recovery

Replace tmnxSecNotifFile with a CRL that is still valid, or wait until the 'thisUpdate' time specified in the CRL is reached for the system to recover itself.

tmnxPkiFileReadFailed

Table 117. tmnxPkiFileReadFailed properties

Property name

Value

Application name

SECURITY

Event ID

2043

Event name

tmnxPkiFileReadFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.16

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifFile$ read failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiFileReadFailed notification is generated when an attempt to read the file fails. Reason of the failure is indicated by the tmnxSecNotifFailureReason object.

Effect

Operational status of tunnels configured to use this certificate will be set to 'down'.

Recovery

Make sure the path specified in tmnxSecNotifFile is correct and the file exists.

tmnxPkiFileWriteFailed

Table 118. tmnxPkiFileWriteFailed properties

Property name

Value

Application name

SECURITY

Event ID

2109

Event name

tmnxPkiFileWriteFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.41

Default severity

minor

Source stream

security

Message format string

File $tmnxSecNotifFile$ write failed due to $tmnxSecNotifFailureReason$

Cause

The tmnxPkiFileWriteFailed notification is generated when an attempt to write the file fails. Reason for the failure is indicated by the tmnxSecNotifFailureReason object.

Effect

The downloaded file is not saved to disk.

Recovery

Make sure the path specified in tmnxSecNotifFile is correct, file permission is writable and there is sufficient disk space.

tmnxSecComputeCertChainFailure

Table 119. tmnxSecComputeCertChainFailure properties

Property name

Value

Application name

SECURITY

Event ID

2088

Event name

tmnxSecComputeCertChainFailure

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.24

Default severity

warning

Source stream

security

Message format string

Certificate chain of cert file $tmnxSecNotifFile$ is incomplete due to $tmnxSecNotifFailureReason$

Cause

The tmnxSecComputeCertChainFailure notification is generated when a compute chain-failure has occurred.

Effect

The chain cannot be built for a configured certificate and the corresponding chain will be empty.

Recovery

Depending on the reason indicated by tmnxSecNotifFailureReason, corrective action should be taken.

tmnxSecNotifFileReloaded

Table 120. tmnxSecNotifFileReloaded properties

Property name

Value

Application name

SECURITY

Event ID

2101

Event name

tmnxSecNotifFileReloaded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.34

Default severity

minor

Source stream

security

Message format string

$tmnxSecNotifFileType$ file "$tmnxSecNotifFile$" has been reloaded.

Cause

The tmnxSecNotifFileReloaded notification is generated when the certificate or key indicated in tmnxSecNotifFile is reloaded. tmnxSecNotifFileType indicates whether a certificate or key has been reloaded.

Effect

The indicated certificate or key has been reloaded.

Recovery

None needed.

tmnxSecNotifKeyChainExpired

Table 121. tmnxSecNotifKeyChainExpired properties

Property name

Value

Application name

SECURITY

Event ID

2090

Event name

tmnxSecNotifKeyChainExpired

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.26

Default severity

minor

Source stream

security

Message format string

Keychain $tmnxKeyChainName$: last entry has expired; called by $tmnxSecNotifOrigProtocol$

Cause

The tmnxSecNotifKeyChainExpired notification is generated when a protocol instance tries to use a keychain, for which the last key entry has expired.

Effect

N/A

Recovery

N/A

tmnxSecPwdHistoryFileLoadFailed

Table 122. tmnxSecPwdHistoryFileLoadFailed properties

Property name

Value

Application name

SECURITY

Event ID

2103

Event name

tmnxSecPwdHistoryFileLoadFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.35

Default severity

minor

Source stream

main

Message format string

Failed to load the password history

Cause

The tmnxSecPwdHistoryFileLoadFailed notification is generated when the password history is enabled (tmnxPasswordHistory is not 0) for the first time and the system was unable to load and process the password history. Failure could be due to the following reasons or more: - This is the first time the password history is enabled on this system. - A previous attempt to store the password history failed. - Somebody removed or modified the password history file.

Effect

The system might not be able to compare the new user password with the user's password history from before the last reboot. If tmnxSecPwdHistLoadFailReason is set to 'notFound(1)', a new, empty history file will be created.

Recovery

Investigation might be warranted.

tmnxSecPwdHistoryFileWriteFailed

Table 123. tmnxSecPwdHistoryFileWriteFailed properties

Property name

Value

Application name

SECURITY

Event ID

2104

Event name

tmnxSecPwdHistoryFileWriteFailed

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.36

Default severity

minor

Source stream

main

Message format string

Failed to write the password history to disk

Cause

The tmnxSecPwdHistoryFileWriteFailed notification is generated when the system is unable to store the password history when an user's password is changed.

Effect

After a reboot, the system might not be able to compare the new user password with the user's password history.

Recovery

Ensure the compact flash is present, and all file permissions are correct.

tmnxSecSignedSwCpmBootEvent

Table 124. tmnxSecSignedSwCpmBootEvent properties

Property name

Value

Application name

SECURITY

Event ID

2241

Event name

tmnxSecSignedSwCpmBootEvent

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.66

Default severity

major

Source stream

main

Message format string

CPM $tmnxChassisNotifyCpmCardSlotNum$ has booted with a secure-boot status of $tmnxCpmSecureBootEnabled$

Cause

The tmnxSecSignedSwCpmBootEvent is sent when a CPM element reboots, regardless of its secure boot configuration. The event will include relevant information about the state of secure boot on the CPM.

Effect

The indicated CPM has rebooted.

Recovery

No recovery action is required.

tmnxSecSignedSwImgValFail

Table 125. tmnxSecSignedSwImgValFail properties

Property name

Value

Application name

SECURITY

Event ID

2243

Event name

tmnxSecSignedSwImgValFail

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.68

Default severity

major

Source stream

main

Message format string

The signed software image located at $tmnxSecureBootValdImgUrl$, for CPM $tmnxChassisNotifyCpmCardSlotNum$, failed to be validated. As a result, the CPM will not boot

Cause

The tmnxSecSignedSwImgValFail notification is sent when the secure boot validation process fails for any reason to approve an image at a given URL. This event is only applicable to CPMs with secure boot enabled.

Effect

The affected CPM will not boot.

Recovery

The CPM should be examined for availability and correct configuration of its signed software image(s). A reboot will be required to attempt to validate the software again.

tmnxSecSignedSwImgValPass

Table 126. tmnxSecSignedSwImgValPass properties

Property name

Value

Application name

SECURITY

Event ID

2244

Event name

tmnxSecSignedSwImgValPass

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.69

Default severity

major

Source stream

main

Message format string

The signed software image located at $tmnxSecureBootValdImgUrl$, for CPM $tmnxChassisNotifyCpmCardSlotNum$, was validated successfully. Its boot process will continue

Cause

The tmnxSecSignedSwImgValPass notification is sent when a URL is successfully processed as an SROS image during the secure-boot process. This event is only applicable to CPMs with secure boot enabled.

Effect

The indicated CPM will continue to boot normally.

Recovery

No recovery action is required.

tmnxSSHSessionFailed

Table 127. tmnxSSHSessionFailed properties

Property name

Value

Application name

SECURITY

Event ID

2240

Event name

tmnxSSHSessionFailed

SNMP notification prefix and OID

N/A

Default severity

minor

Source stream

security

Message format string

SSH session failed from client $tmnxSecNotifyAddr$, reason '$tmnxSecSSHSessionFailedReason$'

Cause

The tmnxSSHSessionFailed notification is generated upon the failure of an SSH session establishment. The value of the object tmnxSecNotifyAddrType indicates the type of the IP address stored in the object tmnxSecNotifyAddr. The value of the object tmnxSecNotifyAddr indicates the source IP address of the user attempting to establish the SSH session. The value of the object tmnxSecSSHSessionFailedReason indicates the reason of the establishment failure.

Effect

SSH session is not established and connection is closed.

Recovery

No recovery action is required.

tmnxStateChange

Table 128. tmnxStateChange properties

Property name

Value

Application name

SECURITY

Event ID

2209

Event name

tmnxStateChange

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.11

Default severity

warning

Source stream

security

Message format string

Status of $tmnxNotifyObjectName$ changed administrative state: $tmnxNotifyRowAdminState$, operational state: $tmnxNotifyRowOperState$

Cause

There was a change in either the administrative or operational state of a MIB table entry.

Effect

N/A

Recovery

No recovery is necessary.

tmnxSysAppLicenseInsufficient

Table 129. tmnxSysAppLicenseInsufficient properties

Property name

Value

Application name

SECURITY

Event ID

2225

Event name

tmnxSysAppLicenseInsufficient

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.81

Default severity

major

Source stream

main

Message format string

License $tmnxSysAppLicenseState$ for $tmnxSysLicensingNotifyGroup$ feature ' $tmnxSysLicensedNotifyAppName$': $tmnxSysLicenseErrorReason$

Cause

The tmnxSysAppLicenseInsufficient notification is generated periodically when licensing for an application is detected to be insufficient. The details of the error is specified in tmnxSysLicenseErrorReason. This notification cannot be suppressed.

Effect

Notification generated periodically while the application remains in this condition.

Recovery

Activate a system license containing sufficient license entitlements for this application.

tmnxSysLicenseActivated

Table 130. tmnxSysLicenseActivated properties

Property name

Value

Application name

SECURITY

Event ID

2125

Event name

tmnxSysLicenseActivated

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.75

Default severity

warning

Source stream

security

Message format string

$tmnxHwIndex$ is running with a valid license.

Cause

The tmnxSysLicenseActivated notification is generated each time a license is activated on the system.

Effect

The system is running with the license specified in tmnxSysLicenseName.

Recovery

No recovery.

tmnxSysLicenseCleared

Table 131. tmnxSysLicenseCleared properties

Property name

Value

Application name

SECURITY

Event ID

2249

Event name

tmnxSysLicenseCleared

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.95

Default severity

warning

Source stream

security

Message format string

$tmnxHwIndex$ is no longer running with a license.

Cause

The tmnxSysLicenseCleared notification is generated each time a license is cleared from the system.

Effect

The system is no longer running with a license.

Recovery

No recovery.

tmnxSysLicenseExpiresSoon

Table 132. tmnxSysLicenseExpiresSoon properties

Property name

Value

Application name

SECURITY

Event ID

2092

Event name

tmnxSysLicenseExpiresSoon

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.60

Default severity

major

Source stream

security

Message format string

The license installed on $tmnxHwIndex$ expires $tmnxSysLicenseTimeLeft$.

Cause

The tmnxSysLicenseExpiresSoon notification is generated when the license is due to expire soon.

Effect

The system will reboot at the end of the time remaining, as specified by tmnxSysLicenseTimeLeft.

Recovery

Configure a valid license file location and file name.

tmnxSysLicenseInvalid

Table 133. tmnxSysLicenseInvalid properties

Property name

Value

Application name

SECURITY

Event ID

2091

Event name

tmnxSysLicenseInvalid

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.59

Default severity

major

Source stream

security

Message format string

Error - $tmnxSysLicenseErrorReason$ record. $tmnxHwIndex$ will $tmnxSysLicenseErrorAction$ $tmnxSysLicenseTimeLeft$.

Cause

Generated when the license becomes invalid for the reason specified in tmnxSysLicenseErrorReason.

Effect

The CPM or system will reboot at the end of the time remaining, as specified by tmnxSysLicenseTimeLeft and tmnxSysLicenseErrorAction.

Recovery

Configure a valid license file location and file name, given the value of tmnxSysLicenseErrorReason.

tmnxSysLicenseUpdateRequired

Table 134. tmnxSysLicenseUpdateRequired properties

Property name

Value

Application name

SECURITY

Event ID

2226

Event name

tmnxSysLicenseUpdateRequired

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.84

Default severity

major

Source stream

security

Message format string

System license update is required.

Cause

The tmnxSysLicenseUpdateRequired notification is generated once after the system boots up and the license is determined by the system to be valid, but requires to be updated to the correct software version.

Effect

The system will use the license until it is updated.

Recovery

Update and activate the updated license.

tmnxSysLicenseValid

Table 135. tmnxSysLicenseValid properties

Property name

Value

Application name

SECURITY

Event ID

2102

Event name

tmnxSysLicenseValid

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.67

Default severity

warning

Source stream

security

Message format string

$tmnxHwIndex$ is running with a valid license.

Cause

The tmnxSysLicenseValid notification is generated once after the system boots up and the license is determined by the system to be valid.

Effect

The system is running with the license specified in tmnxSysLicenseName.

Recovery

No recovery.

tmnxSysLicensingStateOk

Table 136. tmnxSysLicensingStateOk properties

Property name

Value

Application name

SECURITY

Event ID

2250

Event name

tmnxSysLicensingStateOk

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.96

Default severity

warning

Source stream

security

Message format string

$tmnxHwIndex$ no longer has licensing violations.

Cause

The tmnxSysLicensingStateOk notification is generated when all licensing violations have been cleared from the system.

Effect

The system no longer has any licensing violations.

Recovery

No recovery.

tmnxSysStandbyLicensingError

Table 137. tmnxSysStandbyLicensingError properties

Property name

Value

Application name

SECURITY

Event ID

2221

Event name

tmnxSysStandbyLicensingError

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.76

Default severity

major

Source stream

main

Message format string

$tmnxHwIndex$ is not licensed. $tmnxSysLicenseErrorReason$.

Cause

Generated when the standby detects a licensing failure. The reason is specified in tmnxSysLicenseErrorReason.

Effect

The standby CPM may not synchronized and may be put into a failed state.

Recovery

Configure a valid license file location and file name, given the value of tmnxSysLicenseErrorReason.

tmnxSysStandbyLicensingReady

Table 138. tmnxSysStandbyLicensingReady properties

Property name

Value

Application name

SECURITY

Event ID

2222

Event name

tmnxSysStandbyLicensingReady

SNMP notification prefix and OID

TIMETRA-SYSTEM-MIB.tmnxSysNotifications.77

Default severity

warning

Source stream

main

Message format string

$tmnxHwIndex$ licensing is ready.

Cause

Generated when licensing has been successfully activated by the standby.

Effect

Any licensing errors detected by the Standby CPM are cleared.

Recovery

None.

tmnxSystemPasswordChangedByAdmin

Table 139. tmnxSystemPasswordChangedByAdmin properties

Property name

Value

Application name

SECURITY

Event ID

2248

Event name

tmnxSystemPasswordChangedByAdmin

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.73

Default severity

minor

Source stream

security

Message format string

User '$tmnxSecNotifyAdminUserName$' changed the local system ' $tmnxSecNotifyLocalSystemPassword$'

Cause

The tmnxSystemPasswordChangedByAdmin notification is generated upon the change of an administrative password by a user with administrative rights. The value of the object tmnxSecNotifyAdminUserName indicates the user name who changed the password. The value of the object tmnxSecNotifyLocalSystemPassword indicates the administrative password that was changed.

Effect

Users with administrative rights will be able to authenticate with the new password only.

Recovery

No recovery action is required.

tmnxUserPasswordChangedByAdmin

Table 140. tmnxUserPasswordChangedByAdmin properties

Property name

Value

Application name

SECURITY

Event ID

2239

Event name

tmnxUserPasswordChangedByAdmin

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.64

Default severity

minor

Source stream

security

Message format string

User '$tmnxSecNotifyAdminUserName$' changed the password for user ' $tmnxSecNotifyLocalUserName$'

Cause

The tmnxUserPasswordChangedByAdmin notification is generated upon the change of a password of a local user by a user with administrative rights. The value of the object tmnxSecNotifyLocalUserName indicates the user name for which the password has been changed. The value of the object tmnxSecNotifyAdminUserName indicates the user name of the user who has changed the password.

Effect

Local user will be able to authenticate to the system with the new password only.

Recovery

No recovery action is required.

tmnxUsrProfSessionLimitExceeded

Table 141. tmnxUsrProfSessionLimitExceeded properties

Property name

Value

Application name

SECURITY

Event ID

2111

Event name

tmnxUsrProfSessionLimitExceeded

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.43

Default severity

minor

Source stream

security

Message format string

$tmnxSessionLimitExceededType$ of user profile '$tmnxSessionLimitExceededName$' has been exceeded

Cause

The tmnxUsrProfSessionLimitExceeded notification is generated when an attempt to establish a new user access session is not successful because any of SSH / Telnet / Total session limits defined for the profile of which the user is a member has been exceeded. The value of the object tmnxSessionLimitExceededName indicates the name of the user profile of which the session limit has been exceeded. The value of the object tmnxSessionLimitExceededType indicates the type of the session limit that has been exceeded.

Effect

The user access session has not been established.

Recovery

An administrator may execute one of the following actions in order to allow a successful session establishment: 1) force disconnection of an existing session(s) using 'admin disconnect' CLI command 2) increase the value of the session limit using CLI or SNMP SET operation on the corresponding object in tmnxUserProfileTable 3) revoke the profile membership for the particular user (beware that this action may have impact on user's privileges)

tSecSgndSwUefiVarsUpdtReqd

Table 142. tSecSgndSwUefiVarsUpdtReqd properties

Property name

Value

Application name

SECURITY

Event ID

2242

Event name

tSecSgndSwUefiVarsUpdtReqd

SNMP notification prefix and OID

TIMETRA-SECURITY-MIB.tmnxSecurityNotifications.67

Default severity

major

Source stream

main

Message format string

UEFI variable updates required for CPM $tmnxChassisNotifyCpmCardSlotNum$

Cause

The tSecSgndSwUefiVarsUpdtReqd is sent when a CPM element reboots with UEFI variables which are out of date with the software image that CPM is configured to boot into.

Effect

Out-of-sync UEFI variables may prevent successful reboots into signed software images and result in warnings or errors during secure-boot operations.

Recovery

The CPM and its target images should be examined and any incorrect secure-boot settings corrected to ensure proper configuration.

user_disconnect

Table 143. user_disconnect properties

Property name

Value

Application name

SECURITY

Event ID

2015

Event name

user_disconnect

SNMP notification prefix and OID

N/A

Default severity

major

Source stream

security

Message format string

User $userName$ from $srcAddr$ logged out by $disconnectedBy$

Cause

A user was logged out by the administrator.

Effect

The user's console/telnet/ftp session terminated.

Recovery

No recovery is required

vRtrIfDcpDynamicConform

Table 144. vRtrIfDcpDynamicConform properties

Property name

Value

Application name

SECURITY

Event ID

2073

Event name

vRtrIfDcpDynamicConform

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.54

Default severity

warning

Source stream

security

Message format string

Network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ newly conformant at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicConform notification is generated when the protocol for a particular network-interface has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

vRtrIfDcpDynamicEnforceAlloc

Table 145. vRtrIfDcpDynamicEnforceAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2078

Event name

vRtrIfDcpDynamicEnforceAlloc

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.59

Default severity

warning

Source stream

security

Message format string

Dynamic $vRtrIfDcpFpProtocol$ policers allocated for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$.

Cause

The vRtrIfDcpDynamicEnforceAlloc notification is generated when a dynamic enforcement policer is allocated on a particular network-interface. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected network-interface is not in conformance with the configured parameters of the associated distributed CPU protection policy and may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpDynamicEnforceFreed

Table 146. vRtrIfDcpDynamicEnforceFreed properties

Property name

Value

Application name

SECURITY

Event ID

2079

Event name

vRtrIfDcpDynamicEnforceFreed

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.60

Default severity

warning

Source stream

security

Message format string

Dynamic $vRtrIfDcpFpProtocol$ policers freed for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicEnforceFreed notification is generated when a dynamic enforcement policer is freed on a particular network-interface. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The affected network-interface is now in conformance with the configured parameters of the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

vRtrIfDcpDynamicExcd

Table 147. vRtrIfDcpDynamicExcd properties

Property name

Value

Application name

SECURITY

Event ID

2067

Event name

vRtrIfDcpDynamicExcd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.48

Default severity

warning

Source stream

security

Message format string

Non conformant network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicExcd notification is generated when the protocol on a particular network-interface has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpDynamicHoldDownEnd

Table 148. vRtrIfDcpDynamicHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2071

Event name

vRtrIfDcpDynamicHoldDownEnd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.52

Default severity

warning

Source stream

security

Message format string

Hold-down completed for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicHoldDownEnd notification is generated when a particular network-interface completes hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol for an affected network-interface will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

vRtrIfDcpDynamicHoldDownStart

Table 149. vRtrIfDcpDynamicHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2069

Event name

vRtrIfDcpDynamicHoldDownStart

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.50

Default severity

warning

Source stream

security

Message format string

Hold-down started for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpProtocol$(dynamic). Excd count=$vRtrIfDcpFpDynExcdCount$

Cause

The vRtrIfDcpDynamicHoldDownStart notification is generated when a particular network-interface starts hold-down period for an exceeding protocol. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtProtocolDynLogEvent is configured to 'verbose'.

Effect

The protocol will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.

vRtrIfDcpLocMonExcd

Table 150. vRtrIfDcpLocMonExcd properties

Property name

Value

Application name

SECURITY

Event ID

2074

Event name

vRtrIfDcpLocMonExcd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.55

Default severity

warning

Source stream

security

Message format string

Local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected as non-conformant at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Excd count=$vRtrIfDcpFpLocMonExcdCount$

Cause

The vRtrIfDcpLocMonExcd notification is generated when the local-monitoring-policer for a particular network-interface has transitioned from a conformant state to a non-conformant state and the system will attempt to allocate dynamic enforcement policers. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpLocMonExcdAllDynAlloc

Table 151. vRtrIfDcpLocMonExcdAllDynAlloc properties

Property name

Value

Application name

SECURITY

Event ID

2076

Event name

vRtrIfDcpLocMonExcdAllDynAlloc

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.57

Default severity

warning

Source stream

security

Message format string

All dynamic policers allocated for local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Excd count=$vRtrIfDcpFpLocMonExcdCount$

Cause

The vRtrIfDcpLocMonExcdAllDynAlloc notification is generated when all dynamic enforcement policers associated with a non-conformant local-monitoring-policer have been successfully allocated for a particular network-interface. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configure to 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpLocMonExcdAllDynFreed

Table 152. vRtrIfDcpLocMonExcdAllDynFreed properties

Property name

Value

Application name

SECURITY

Event ID

2077

Event name

vRtrIfDcpLocMonExcdAllDynFreed

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.58

Default severity

warning

Source stream

security

Message format string

All dynamic policers freed for local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$.

Cause

The vRtrIfDcpLocMonExcdAllDynFreed notification is generated for a particular network-interface when all the previously allocated dynamic enforcement policers for a particular local-monitoring-policer on the associated distributed CPU protection policy have been freed up and all the protocols are once again being monitored by local-monitor. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform.

Recovery

There is no recovery required for this notification.

vRtrIfDcpLocMonExcdDynResource

Table 153. vRtrIfDcpLocMonExcdDynResource properties

Property name

Value

Application name

SECURITY

Event ID

2075

Event name

vRtrIfDcpLocMonExcdDynResource

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.56

Default severity

warning

Source stream

security

Message format string

Local monitor $vRtrIfDcpFpLocMonPlcrName$ for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected as non-conformant at $vRtrIfDcpTimeEventOccured$ and cannot allocate dynamic policers. Policy $vRtrIfDCpuProtPolicy$. Excd count=$vRtrIfDcpFpLocMonExcdCount$

Cause

The vRtrIfDcpLocMonExcdDynResource notification is generated when the local-monitoring-policer for a particular network-interface has transitioned from a conformant state to a non-conformant state and the system cannot allocate all the dynamic enforcements policers associated with the distributed CPU protection policy . This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtLocMonPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface or to the dynamic enforcement policer pool (TIMETRA-CHASSIS-MIB.mib::tmnxFPDCpuProtDynEnfrcPlcrPool).

vRtrIfDcpStaticConform

Table 154. vRtrIfDcpStaticConform properties

Property name

Value

Application name

SECURITY

Event ID

2072

Event name

vRtrIfDcpStaticConform

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.53

Default severity

warning

Source stream

security

Message format string

Network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/ $tmnxFPNum$ newly conformant at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticConform notification is generated when the static-policer for a particular network-interface has been detected as conformant for a period of the configured detection-time after having been previously detected as exceeding and completed any hold-down period. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface is now in conformance with the parameters configured for the associated distributed CPU protection policy.

Recovery

There is no recovery required for this notification.

vRtrIfDcpStaticExcd

Table 155. vRtrIfDcpStaticExcd properties

Property name

Value

Application name

SECURITY

Event ID

2066

Event name

vRtrIfDcpStaticExcd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.47

Default severity

warning

Source stream

security

Message format string

Non conformant network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ detected at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticExcd notification is generated when the static-policer on a particular network-interface has been detected as non-conformant to the associated distributed CPU protection policy parameters. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'enable' or 'verbose'.

Effect

The affected network-interface may be using more resources than expected and cause the system to under-perform. This notification may indicate a Denial of Service attack or a misconfiguration in the network.

Recovery

Appropriate configuration changes to the distributed CPU protection policy or to the affected network-interface may be required.

vRtrIfDcpStaticHoldDownEnd

Table 156. vRtrIfDcpStaticHoldDownEnd properties

Property name

Value

Application name

SECURITY

Event ID

2070

Event name

vRtrIfDcpStaticHoldDownEnd

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.51

Default severity

warning

Source stream

security

Message format string

Hold-down completed for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticHoldDownEnd notification is generated when a particular network-interface completes hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer for an affected network-interface will transition to a detection-time countdown after the hold-down period is complete.

Recovery

There is no recovery required for this notification.

vRtrIfDcpStaticHoldDownStart

Table 157. vRtrIfDcpStaticHoldDownStart properties

Property name

Value

Application name

SECURITY

Event ID

2068

Event name

vRtrIfDcpStaticHoldDownStart

SNMP notification prefix and OID

TIMETRA-VRTR-MIB.tmnxVRtrNotifications.49

Default severity

warning

Source stream

security

Message format string

Hold-down started for network_if $vRtrIfIndex$ on fp $tmnxCardSlotNum$/$tmnxFPNum$ at $vRtrIfDcpTimeEventOccured$. Policy $vRtrIfDCpuProtPolicy$. Policer= $vRtrIfDcpFpStaticPlcrName$(static). Excd count=$vRtrIfDcpFpStaticExcdCount$

Cause

The vRtrIfDcpStaticHoldDownStart notification is generated when a particular network-interface starts hold-down period for an exceeding static-policer. This notification is generated when TIMETRA-SECURITY-MIB.mib::tmnxDCpuProtStaticPlcrLogEvent is configured to 'verbose'.

Effect

The static-policer will treat all packets as non-conformant during the hold-down period.

Recovery

There is no recovery required for this notification.