| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| paloaltonetworks:logs:syslog:vpn [2020/06/04 07:25] – bstafford | paloaltonetworks:logs:syslog:vpn [2022/11/23 12:49] (current) – external edit 127.0.0.1 |
|---|
| ====== VPN Syslog Messages ====== | ====== VPN Syslog Messages ====== |
| | <code>( subtype eq vpn )</code> |
| | |
| ===== Critical ===== | ===== Critical ===== |
| <code>( subtype eq vpn ) and ( severity eq critical ) and ( eventid eq tunnel-status-up ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'Tunnel IPSEC_TUN_NAME is down' )</code> | <code>( subtype eq vpn ) and ( severity eq critical )</code> |
| <code>( subtype eq vpn ) and ( severity eq critical ) and ( eventid eq tunnel-status-down ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'Tunnel IPSEC_TUN_NAME is down' )</code> | <code>( eventid eq tunnel-status-up ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'Tunnel IPSEC_TUN_NAME is down' )</code> |
| <code>( subtype eq vpn ) and ( severity eq critical ) and ( eventid eq ike-nego-p1-fail-common ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is failed. Peer\'s ID payload 192.168.1.1 (type ipaddr) does not match a configured IKE gateway.' )</code> | <code>( eventid eq tunnel-status-down ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'Tunnel IPSEC_TUN_NAME is down' )</code> |
| | <code>( eventid eq ike-nego-p1-fail-common ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is failed. Peer\'s ID payload 192.168.1.1 (type ipaddr) does not match a configured IKE gateway.' )</code> |
| IKE Crypto does not match. | IKE Crypto does not match. |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-fail-common ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKE phase-1 negotiation is failed. no suitable proposal found in peer\'s SA payload.' )</code> | |
| ===== Low ===== | ===== Low ===== |
| <code>( subtype eq vpn ) and ( severity eq low ) and ( eventid eq ike-nego-p1-dpd-dn ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 SA is down determined by DPD.' )</code> | <code>( subtype eq vpn ) and ( severity eq low )</code> |
| | <code>( eventid eq ike-nego-p1-dpd-dn ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 SA is down determined by DPD.' )</code> |
| ===== Informational ===== | ===== Informational ===== |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( description contains 'KEYMGR sync all IPSec SA to Flow started.' )</code> | |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( description contains 'KEYMGR sync all IPSec SA to Flow started.' )</code> | |
| |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-config-p1-success ) and ( description contains 'IKE daemon configuration load phase-1 succeeded.' )</code> | <code>( subtype eq vpn ) and ( severity eq informational )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-config-p1-abort ) and ( description contains 'IKE daemon configuration load phase-1 aborted.' )</code> | <code>( description contains 'KEYMGR sync all IPSec SA to Flow started.' )</code> |
| | <code>( description contains 'KEYMGR sync all IPSec SA to Flow started.' )</code> |
| |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-config-p2-success ) and ( description contains 'IKE daemon configuration load phase-2 succeeded.' )</code> | <code>( eventid eq ike-nego-p1-fail-common ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKE phase-1 negotiation is failed. no suitable proposal found in peer\'s SA payload.' )</code> |
| | <code>( eventid eq ike-config-p1-success ) and ( description contains 'IKE daemon configuration load phase-1 succeeded.' )</code> |
| | <code>( eventid eq ike-config-p1-abort ) and ( description contains 'IKE daemon configuration load phase-1 aborted.' )</code> |
| |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-generic-event ) and ( description contains 'ignore the packet, expecting the packet encrypted.' )</code> | <code>( eventid eq ike-config-p2-success ) and ( description contains 'IKE daemon configuration load phase-2 succeeded.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-generic-event ) and ( description contains 'few isakmp message received.' )</code> | |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-generic-event ) and ( description contains 'no proposal chosen.' )</code> | |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-generic-event ) and ( description contains 'unknown ikev2 peer' )</code> | |
| |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-recv-notify ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol notification message received: INVALID-SPI (11).' )</code> | <code>( eventid eq ike-generic-event ) and ( description contains 'ignore the packet, expecting the packet encrypted.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-recv-notify ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol notification message received: INITIAL-CONTACT (24578).' )</code> | <code>( eventid eq ike-generic-event ) and ( description contains 'few isakmp message received.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-start ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is started as responder, main mode. Initiated SA: 192.168.1.1[500]-11.22.33.44[500] cookie:da9d6ef6d29fc158:ee3c8c80d04eb5da.' )</code> | <code>( eventid eq ike-generic-event ) and ( description contains 'no proposal chosen.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-succ ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is succeeded as responder, main mode. Established SA: 192.168.1.1[500]-11.22.33.44[500] cookie:da9d6ef6d29fc158:ee3c8c80d04eb5da lifetime 28800 Sec.' )</code> | <code>( eventid eq ike-generic-event ) and ( description contains 'unknown ikev2 peer' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-expire ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 SA is expired SA: 192.168.1.1[500]-11.22.33.44[500] cookie:bc2888b0a72f89a0:c114fe089bf2d37d.' )</code> | |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 SA is deleted SA: 192.168.1.1[500]-11.22.33.44[500] cookie:bc2888b0a72f89a0:c114fe089bf2d37d.' )</code> | <code>( eventid eq ike-recv-notify ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol notification message received: INVALID-SPI (11).' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-fail ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is failed as initiator, main mode. Failed SA: 192.168.1.1[500]-11.22.33.44[500] cookie:28bd6af9813b58d8:0000000000000000. Due to timeout.' )</code> | <code>( eventid eq ike-recv-notify ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol notification message received: INITIAL-CONTACT (24578).' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-fail-common ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is failed. IKE phase-1 request from gateway IKE_GW_NAME is rejected: aggr mode is not allowed by configuration.' )</code> | <code>( eventid eq ike-nego-p1-start ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is started as responder, main mode. Initiated SA: 192.168.1.1[500]-11.22.33.44[500] cookie:da9d6ef6d29fc158:ee3c8c80d04eb5da.' )</code> |
| | <code>( eventid eq ike-nego-p1-succ ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is succeeded as responder, main mode. Established SA: 192.168.1.1[500]-11.22.33.44[500] cookie:da9d6ef6d29fc158:ee3c8c80d04eb5da lifetime 28800 Sec.' )</code> |
| | <code>( eventid eq ike-nego-p1-expire ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 SA is expired SA: 192.168.1.1[500]-11.22.33.44[500] cookie:bc2888b0a72f89a0:c114fe089bf2d37d.' )</code> |
| | <code>( eventid eq ike-nego-p1-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 SA is deleted SA: 192.168.1.1[500]-11.22.33.44[500] cookie:bc2888b0a72f89a0:c114fe089bf2d37d.' )</code> |
| | <code>( eventid eq ike-nego-p1-fail ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is failed as initiator, main mode. Failed SA: 192.168.1.1[500]-11.22.33.44[500] cookie:28bd6af9813b58d8:0000000000000000. Due to timeout.' )</code> |
| | <code>( eventid eq ike-nego-p1-fail-common ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-1 negotiation is failed. IKE phase-1 request from gateway IKE_GW_NAME is rejected: aggr mode is not allowed by configuration.' )</code> |
| |
| Someone tried to connect but we could not fine a gateway with their IP. | Someone tried to connect but we could not fine a gateway with their IP. |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p1-fail-common ) and ( object eq IKE_GW_NAME ) and ( object eq '11.22.33.44[500]' ) and ( description contains 'IKE phase-1 negotiation is failed. Couldn\'t find configuration for IKE phase-1 request for peer IP 11.22.33.44[500].' )</code> | <code>( eventid eq ike-nego-p1-fail-common ) and ( object eq IKE_GW_NAME ) and ( object eq '11.22.33.44[500]' ) and ( description contains 'IKE phase-1 negotiation is failed. Couldn\'t find configuration for IKE phase-1 request for peer IP 11.22.33.44[500].' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-send-notify ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol notification message sent: NO-PROPOSAL-CHOSEN (14).' )</code> | <code>( eventid eq ike-send-notify ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol notification message sent: NO-PROPOSAL-CHOSEN (14).' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-send-p1-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol phase-1 SA delete message sent to peer. cookie:bc2888b0a72f89a0:c114fe089bf2d37d.' )</code> | <code>( eventid eq ike-send-p1-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol phase-1 SA delete message sent to peer. cookie:bc2888b0a72f89a0:c114fe089bf2d37d.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-recv-p1-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol phase-1 SA delete message received from peer. cookie:823406e89cc4a53d:a02bb471dd4a9531.' )</code> | <code>( eventid eq ike-recv-p1-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol phase-1 SA delete message received from peer. cookie:823406e89cc4a53d:a02bb471dd4a9531.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-stale-p1 ) and ( object eq IKE_GW_NAME ) and ( description contains 'Deleting a possible stale phase-1 SA. cookie:ddde6812320597bc:1080390072deae5a.' )</code> | <code>( eventid eq ike-nego-p2-stale-p1 ) and ( object eq IKE_GW_NAME ) and ( description contains 'Deleting a possible stale phase-1 SA. cookie:ddde6812320597bc:1080390072deae5a.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-start ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 192.168.1.1[500]-11.22.33.44[500] message id:0xC9732D7B.' )</code> | <code>( eventid eq ike-nego-p2-start ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE phase-2 negotiation is started as initiator, quick mode. Initiated SA: 192.168.1.1[500]-11.22.33.44[500] message id:0xC9732D7B.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-succ ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 192.168.1.1[500]-11.22.33.44[500] message id:0xC9732D7B, SPI:0xF05AF6FF/0x926E4E25.' )</code> | <code>( eventid eq ike-nego-p2-succ ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE phase-2 negotiation is succeeded as initiator, quick mode. Established SA: 192.168.1.1[500]-11.22.33.44[500] message id:0xC9732D7B, SPI:0xF05AF6FF/0x926E4E25.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-simul-fail ) and ( object eq IKE_GW_NAME ) and ( description contains 'simultaneous phase-2 rekey request detected, peer is PANOS. Previous request removed. (isakmp message-id 0x00000000).' )</code> | <code>( eventid eq ike-nego-p2-simul-fail ) and ( object eq IKE_GW_NAME ) and ( description contains 'simultaneous phase-2 rekey request detected, peer is PANOS. Previous request removed. (isakmp message-id 0x00000000).' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-fail ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-2 negotiation is failed as initiator, quick mode. Failed SA: 172.23.13.69[500]-35.160.196.102[500] message id:0xF0E508BD. Due to negotiation timeout.' )</code> | <code>( eventid eq ike-nego-p2-fail ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE phase-2 negotiation is failed as initiator, quick mode. Failed SA: 172.23.13.69[500]-35.160.196.102[500] message id:0xF0E508BD. Due to negotiation timeout.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-simul-cont ) and ( object eq '11.22.33.44[500]' ) and ( description contains 'simultaneous phase-2 rekey request detected, peer is PANOS. Ignore this new request. (isakmp message-id 0x1B58A60E).' )</code> | <code>( eventid eq ike-nego-p2-simul-cont ) and ( object eq '11.22.33.44[500]' ) and ( description contains 'simultaneous phase-2 rekey request detected, peer is PANOS. Ignore this new request. (isakmp message-id 0x1B58A60E).' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-proxy-id-bad ) and ( object eq ike-gw-partner-loro-t1 ) and ( description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 172.20.11.0/24 type IPv4_subnet protocol 0 port 0, received remote id: 169.254.201.96/30 type IPv4_subnet protocol 0 port 0.' )</code> | <code>( eventid eq ike-nego-p2-proxy-id-bad ) and ( object eq ike-gw-partner-loro-t1 ) and ( description contains 'IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local id: 172.20.11.0/24 type IPv4_subnet protocol 0 port 0, received remote id: 169.254.201.96/30 type IPv4_subnet protocol 0 port 0.' )</code> |
| |
| This means that the IPsec crypto does not match | This means that the IPsec crypto does not match |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ikev2-nego-child-proposal-bad ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKEv2 child SA negotiation failed when processing SA payload. no suitable proposal found in peer\'s SA payload.' )</code> | <code>( eventid eq ikev2-nego-child-proposal-bad ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKEv2 child SA negotiation failed when processing SA payload. no suitable proposal found in peer\'s SA payload.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ikev2-nego-child-start ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 10.1.1.12[500]-10.1.1.11[500] message id:0x00000001.' )</code> | <code>( eventid eq ikev2-nego-child-start ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKEv2 child SA negotiation is started as responder, non-rekey. Initiated SA: 10.1.1.12[500]-10.1.1.11[500] message id:0x00000001.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ikev2-nego-ike-fail ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA: 10.1.1.12[500]-10.1.1.11[500] SPI:e076d3e7b7539fb6:d8ca8e604c94f68e.' )</code> | <code>( eventid eq ikev2-nego-ike-fail ) and ( object eq ike-gw-to-primary ) and ( description contains 'IKEv2 IKE SA negotiation is failed as responder, non-rekey. Failed SA: 10.1.1.12[500]-10.1.1.11[500] SPI:e076d3e7b7539fb6:d8ca8e604c94f68e.' )</code> |
| This means that the IKE Crypto does not match. | This means that the IKE Crypto does not match. |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-generic-event ) and ( description contains 'no proposal chosen.' )</code> | <code>( eventid eq ike-generic-event ) and ( description contains 'no proposal chosen.' )</code> |
| |
| This means that the IPsec crypto does not match. | This means that the IPsec crypto does not match. |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-nego-p2-proposal-bad ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE phase-2 negotiation failed when processing SA payload. no suitable proposal found in peer\'s SA payload.' )</code> | <code>( eventid eq ike-nego-p2-proposal-bad ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE phase-2 negotiation failed when processing SA payload. no suitable proposal found in peer\'s SA payload.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-send-p2-delete ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE protocol IPSec SA delete message sent to peer. SPI:0xCFCBA3AF.' )</code> | <code>( eventid eq ike-send-p2-delete ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IKE protocol IPSec SA delete message sent to peer. SPI:0xCFCBA3AF.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ike-recv-p2-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol IPSec SA delete message received from peer. SPI:0x3EE477E4.' )</code> | <code>( eventid eq ike-recv-p2-delete ) and ( object eq IKE_GW_NAME ) and ( description contains 'IKE protocol IPSec SA delete message received from peer. SPI:0x3EE477E4.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ipsec-key-install ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IPSec key installed. Installed SA: 192.168.1.1[500]-11.22.33.44[500] SPI:0xF05AF6FF/0x926E4E25 lifetime 3600 Sec lifesize unlimited.' )</code> | <code>( eventid eq ipsec-key-install ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IPSec key installed. Installed SA: 192.168.1.1[500]-11.22.33.44[500] SPI:0xF05AF6FF/0x926E4E25 lifetime 3600 Sec lifesize unlimited.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ipsec-key-expire ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IPSec key lifetime expired. Expired SA: 192.168.1.1[500]-11.22.33.44[500] SPI:0xCFCBA3AF/0x3EE477E4.' )</code> | <code>( eventid eq ipsec-key-expire ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IPSec key lifetime expired. Expired SA: 192.168.1.1[500]-11.22.33.44[500] SPI:0xCFCBA3AF/0x3EE477E4.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq ipsec-key-delete ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IPSec key deleted. Deleted SA: 192.168.1.1[500]-11.22.33.44[500] SPI:0xCFCBA3AF/0x3EE477E4.' )</code> | <code>( eventid eq ipsec-key-delete ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'IPSec key deleted. Deleted SA: 192.168.1.1[500]-11.22.33.44[500] SPI:0xCFCBA3AF/0x3EE477E4.' )</code> |
| <code>( subtype eq vpn ) and ( severity eq informational ) and ( eventid eq tunnel-status-up ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'Tunnel IPSEC_TUN_NAME is up' )</code> | <code>( eventid eq tunnel-status-up ) and ( object eq IPSEC_TUN_NAME ) and ( description contains 'Tunnel IPSEC_TUN_NAME is up' )</code> |
| | <code>( eventid eq ike-daemon-exit ) and ( description contains 'IKE daemon has exited.' )</code> |
| | <code>( eventid eq keymgr-ike-full-sync-abort ) and ( description contains 'KEYMGR sync all IPSec SA to IKE daemon no longer needed.' )</code> |
| | <code>( eventid eq keymgr-daemon-exit ) and ( description contains 'KEYMGR daemon has exited.' )</code> |
| | <code>( eventid eq ike-daemon-init ) and ( description contains 'IKE daemon is initializing.' )</code> |
| | <code>( eventid eq keymgr-daemon-init ) and ( description contains 'KEYMGR daemon is initializing.' )</code> |
| | <code>( eventid eq keymgr-flow-full-sync-abort ) and ( description contains 'KEYMGR sync all IPSec SA to Flow no longer needed.' )</code> |
| | <code>( eventid eq ike-daemon-start ) and ( description contains 'IKE daemon is ready.' )</code> |
| | <code>( eventid eq keymgr-daemon-start ) and ( description contains 'KEYMGR daemon is ready.' )</code> |
| | <code>( eventid eq keymgr-ike-full-sync-done ) and ( description contains 'KEYMGR sync all IPSec SA to IKE daemon exit.' )</code> |
| | <code>( eventid eq ike-config-p1-success ) and ( description contains 'IKE daemon configuration load phase-1 succeeded.' )</code> |
| | <code>( eventid eq ike-config-p2-success ) and ( description contains 'IKE daemon configuration load phase-2 succeeded.' )</code> |
| | <code>( eventid eq keymgr-flow-full-sync-start ) and ( description contains 'KEYMGR sync all IPSec SA to Flow started.' )</code> |
| | <code>( eventid eq keymgr-flow-full-sync-done ) and ( description contains 'KEYMGR sync all IPSec SA to Flow exit.' )</code> |
| | <code>( eventid eq ike-generic-event ) and ( description contains 'received notify type ESP_TFC_PADDING_NOT_SUPPORTED' )</code> |
| | <code>( eventid eq ikev2-nego-fail-common ) and ( object eq IKE_GW_OTHERNAME ) and ( description contains 'IKEv2 SA negotiation is failed. received notify type ESP_TFC_PADDING_NOT_SUPPORTED' )</code> |
| |
