CIsco ASA Audit Events
Event ID Description
101001 101001: Failover cable OK
101002 101002: Bad failover cable
101003 101003: Failover cable not connected (this unit)
101004 101004: Failover cable not connected (other unit)
101005 101005: Error reading failover cable status
103001 103001: No response from other firewall
103002 103002: Other firewall network interface OK
103003 103003: Other firewall network interface failed
103004 103004: Other firewall reports this firewall failed
103005 103005: Other firewall reporting failure
103006 103006: Mate version is not compatible with this
103007 103007: Mate version number is not identical with our version number
103008 103008: Mate hwdib is not compatible
104001 104001: Switching to Active
104002 104002: Switching to Standby
104003 104003: Switching to Failed
104004 104004: Switching to OK
104500 104500: Switching to Active
104501 104501: Switching to Backup
104502 104502: Becoming backup unit failed
105001 105001: Disabling failover
105002 105002: Enabling failover
105003 105003: Monitoring on an interface waiting
105004 105004: Monitoring on an interface normal
105005 105005: Lost failover communications with mate on an interface
105006 105006: Link status up on an interface
105007 105007: Link status down on an interface
105008 105008: Testing an interface
105009 105009: Testing an interface (Passed / Failed)
105010 105010: Failover message block allocation failed
105011 105011: Failover cable communication failure
105020 105020: Incomplete / slow configuration replication
105021 105021: Standby unit failed to sync due to a locked configuration
105031 105031: Failover LAN interface is up
105032 105032: Failover LAN interface is down
105033 105033: LAN failover cmd interface down and up again
105034 105034: Receive a LAN failover interface up message from peer
105035 105035: Receive a LAN failover interface down msg from peer
105036 105036: Dropped a LAN failover command message
105037 105037: The primary and standby units are switching back and forth as the Active unit
105038 105038: Interface count mismatch
105039 105039: Unable to verify the interface count with mate
105040 105040: Mate failover version is not compatible
105041 105041: Command failed during sync
105042 105042: Failover interface OK
105043 105043: Failover interface failed
105044 105044: Mate operational mode is not compatible with my mode
105045 105045: Mate license is not compatible with my license
105046 105046: Mate has a different chassis
105047 105047: Mate has a card in slot which is different from my card
105048 105048: Mate_s service module is different from mine
105050 105050: ASAv ethernet interface mismatch
105500 105500: Started HA
105501 105501: Stopped HA
105502 105502: Restarting cloud HA on this unit
105503 105503: Internal state change
105504 105504: Connected to peer
105505 105505: Failed to connect to peer unit
105506 105506: Unable to create socket on port for failover connection or load balancer probes
105507 105507: Unable to bind socket on port for failover connection or load balancer probes
105508 105508: Error creating failover connection socket on port
105509 105509: Error sending message to peer unit
105510 105510: Error receiving message from peer unit
105511 105511: Incomplete read of message header from peer unit
105512 105512: Error receiving body of message from peer unit
105513 105513: Incomplete read of body of message from peer unit
105514 105514: Error occurred when responding to message received from peer unit
105515 105515: Error receiving message from peer unit
105516 105516: Incomplete read of header of message from peer unit
105517 105517: Error receiving body of message from peer unit
105518 105518: Incomplete read of body of message from peer unit
105519 105519: Invalid response to message received from peer unit
105520 105520: Responding to Azure Load Balancer probes
105521 105521: No longer responding to Azure Load Balancer probes
105522 105522: Updating route
105523 105523: Route updated
105524 105524: Transitioning to negotiating state due to the presence of another Active HA unit
105525 105525: Incomplete configuration to initiate access token change request
105526 105526: Unexpected status in response to access token request
105527 105527: Failure reading response to access token request
105528 105528: No access token in response to access token request
105529 105529: Error creating authentication header from access token
105530 105530: No response to access token request URL
105531 105531: Failed to obtain route-table information needed for change request
105532 105532: Unexpected status in response to route-table change request
105533 105533: Failure reading response to route-table change request
105534 105534: No provisioning state in response to route-table change request
105535 105535: No response to route-table change request from URL
105536 105536: Failed to obtain Azure authentication header for route status request
105537 105537: Unexpected status in response to route state request
105538 105538: Failure reading response to route state request
105539 105539: No response to route state request from URL
105540 105540: No route-tables configured
105541 105541: Failed to update route-table
105542 105542: Enabling load balancer probe responses
105543 105543: Disabling load balancer probe responses
105544 105544: Error creating load balancer probe socket on port
105545 105545: Error starting load balancer probe socket on port
105546 105546: Error starting load balancer probe handler
105547 105547: Error generating encryption key for Azure secret key
105548 105548: Error storing encryption key for Azure secret key
105549 105549: Error retrieving encryption key for Azure secret key
105550 105550: Error encrypting Azure secret key
105551 105551: Error decrypting Azure secret key
105552 105552: Stopped HA
105553 105553: Detected another Active HA unit
106001 106001: Inbound TCP connection denied
106002 106002: Connection denied by outbound list
106006 106006: Deny inbound UDP on interface
106007 106007: Deny inbound UDP due to DNS
106010 106010: Deny inbound traffic
106011 106011: Deny inbound (no xlate) string
106012 106012: Deny IP packet
106013 106013: Dropping echo request to PAT address
106014 106014: Deny inbound ICMP source
106015 106015: Deny TCP packet
106016 106016: Deny IP spoof on interface
106017 106017: Deny IP packet due to land attack
106018 106018: ICMP packet type denied by outbound list
106020 106020: Deny IP teardrop fragment
106021 106021: Deny protocol reverse path check
106022 106022: Deny protocol connection spoof
106023 106023: Deny protocol by access group
106024 106024: Access rules memory exhausted
106025 106025: Failed to determine the security context for a packet
106026 106026: Failed to determine the security context for a packet
106027 106027: Deny source by access-group
106101 106101: The number of ACL log deny-flows has reached limit
106102 106102: Packet permitted or denied by ACL applied through VPN filter
106103 106103: Packet denied by ACL applied through VPN filter
107001 107001: RIP authentication failed
107002 107002: RIP packet failed
108002 108002: SMTP replaced string
108003 108003: Terminating ESMTP/ SMTP connection
108004 108004: Configured action taken after ESMTP classification
108005 108005: Standalone log action taken after ESMTP classification
108006 108006: Detected ESMTP size violation
108007 108007: TLS started on ESMTP session between client and server
109001 109001: Authentication started for user
109002 109002: Authentication failed
109003 109003: All authentication server failed
109005 109005: Authentication succeeded for a user
109006 109006: Authentication failed for user due to incorrect password
109007 109007: Authorization permitted for user
109008 109008: Authorization denied for user due to incorrect password
109010 109010: Authentication failed due to many pending requests
109011 109011: Authentication session started
109012 109012: Authentication session ended
109013 109013: User must authenticate before using this service
109014 109014: Non-Telnet connection was denied to the configured virtual Telnet IP address.
109016 109016: Unable to find authorization ACL for user
109017 109017: User exceeded authentication proxy connection limit
109018 109018: Downloaded ACL is empty
109019 109019: Downloaded ACL has parsing error
109020 109020: Downloaded ACL has configuration error
109021 109021: User authentication null proxy error
109022 109022: Exceeded HTTPS proxy process limit
109023 109023: User must authenticate before using the service
109024 109024: Authorization denied for unauthenticated user
109025 109025: Authorization denied due to check failure
109026 109026: Invalid reply digest received
109027 109027: Unable to decipher response message
109028 Error message 109028: AAA bypassed for same-security traffic
109029 109029: Parsing downloaded string
109030 109030: Auto-detect ACL convert wildcard did not convert ACL
109031 109031: NT Domain Authentication Failed
109032 109032: Unable to install ACL
109033 109033: Authentication failed for admin user
109034 109034: Authentication failed for network user
109035 109035: Exceeded maximum number of DAP attribute instances for user
109036 109036: Exceeded 1000 attribute values for an attribute of a user
109037 109037: Exceeded 5000 attribute values for an attribute of a user
109038 109038: Value of attribute from AAA server could not be parsed as a string representation of the attribute name
109039 109039: Dropping an unsupported IPv6/IP46/IP64 packet
109040 109040: User exceeded auth proxy rate limit of 10 connections/sec
109100 109100: Received CoA update
109101 109101: Received CoA disconnect request
109102 109102: Received CoA but unable to find named session
109103 109103: Received CoA but failed to process successfully
109104 109104: Received CoA but action not supported
109105 109105: Failed to determine the egress interface for locally generated traffic
110002 110002: Failed to locate egress interface
110003 110003: Routing failed to locate next hop
110004 110004: Egress interface changed
111001 111001: Writing to a device
111002 111002: Reading from a device
111003 111003: Erase configuration
111004 111004: End configuration
111005 111005: End configuration
111007 111007: Reading from device
111008 111008: User executed a command
111009 111009: User executed a command
111010 111010: User running application from IP address and executed a command
111111 111111: Error message
112001 112001: Clear complete
113001 113001: Unable to open AAA session as session limit was reached
113003 113003: AAA group policy for user is set to a policy
113004 113004: Operation on an IPsec or WebVPN connection successful
113005 113005: AAA authentication on a connection failed
113006 113006: User locked out on exceeding number of successive failed authentication attempts
113007 113007: User unlocked by administrator
113008 113008: AAA transaction accepted
113009 113009: AAA retrieved default group policy for a user
113010 113010: AAA challenge received for a user from a server
113011 113011: AAA retrieved user specific group policy for a user
113012 113012: AAA user authentication successful in local database
113013 113013: AAA unable to complete a request
113014 113014: AAA authentication server not accessible
113015 113015: AAA user authentication rejected in local database
113016 113016: AAA credentials rejected
113017 113017: AAA credentials rejected in local database
113018 113018: Unsupported ACL entry downloaded
113019 113019: Idle user is disconnected
113020 113020: Clock skew with server more than 300 seconds
113021 113021: Attempted console login failed because user did not have appropriate admin rights
113022 113022: AAA Marking RADIUS server in aaa-server group AAA-using-DNS as FAILED
113023 113023: AAA marking server in server group as Active
113024 113024: Authenticating connection from client certificate
113025 113025: Unable to authenticate connection
113026 113026: Error while executing Lua script for a group
113027 113027: Error activating tunnel-group scripts
113028 113028: Extraction of username from VPN client certificate
113029 113029: Unable to establish session
113030 113030: ACL from AAA doesn't exist on the device
113031 113031: ACL not applied because VPN filter is an IPv6 ACL
113032 113032: ACL not applied because VPN filter is an IPv4 ACL
113033 113033: ACL parse error
113034 113034: AV-PAIR ACL used as user ACL from AAA ignored
113035 113035: AnyConnect not enabled or invalid AnyConnect image on the ASA
113036 113036: AAA parameter value invalid
113037 113037: Reboot pending and new sessions disabled
113038 113038: Unable to create AnyConnect parent session
113039 113039: AnyConnect parent session started
113040 113040: Terminating the VPN connection attempt
113041 113041: Redirect ACL configured for an IP address does not exist on the device
113042 113042: Non-HTTP connection denied by redirect filter
114001 114001: Failed to initialize 4GE SSM I/O card
114002 114002: Failed to initialize SFP in 4GE SSM I/O card
114003 114003: Failed to run cached commands in 4GE SSM I/O card
114004 114004: 4GE SSM I/O Initialization start
114005 114005: 4GE SSM I/O Initialization end
114006 114006: Failed to get port statistics in 4GE SSM I/O card
114007 114007: Failed to get current MSR in 4GE SSM I/O card
114008 114008: Failed to enable port after link is up in 4GE SSM I/O card
114009 114009: Failed to set multicast address in 4GE SSM I/O card
114010 114010: Failed to set multicast hardware address in 4GE SSM I/O card
114011 114011: Failed to delete multicast address in 4GE SSM I/O card
114012 114012: Failed to delete multicast hardware address in 4GE SSM I/O card
114013 114013: Failed to set MAC address table in 4GE SSM I/O card
114014 114014: Failed to set MAC address in 4GE SSM I/O card
114015 114015: Failed to set mode in 4GE SSM I/O card
114016 114016: Failed to set multicast mode in 4GE SSM I/O card
114017 114017: Failed to get link status in 4GE SSM I/O card
114018 114018: Failed to set port speed in 4GE SSM I/O card
114019 114019: Failed to set media type in 4GE SSM I/O card
114020 114020: Port link speed is unknown in 4GE SSM I/O card
114021 114021: Failed to set multicast address table in 4GE SSM I/O card
114022 114022: Failed to pass broadcast traffic in 4GE SSM I/O card
114023 114023: Failed to cache/flush MAC table in 4GE SSM I/O card
115000 115000: Critical assertion in process
115001 115001: Error in process
115002 115002: Warning in process
120001 120001: Smart Call Home module is started
120002 120002: Smart Call Home module is terminated
120003 120003: Smart Call Home module retrieved event to process
120004 120004: Event dropped
120005 120005: Message dropped
120006 120006: Delivering message failed
120007 120007: Message delivered
120008 120008: SCH client activated
120009 120009: SCH client deactivated
120010 120010: Notify command to SCH client failed
120011 120011: Ensure Smart Call Home can properly communicate with Cisco
120012 120012: User chose a Call Home anonymous reporting at the prompt
199001 199001: Reload command executed from Telnet
199002 199002: ASA startup completed and beginning operation
199003 199003: Reducing link MTU
199005 199005: ASA startup began
199010 199010: Signal 11 caught in a process or fiber
199011 199011: Close condition on bad channel in a process or fiber
199012 199012: Stack Smash condition detected
199013 199013: Variable syslog
199014 199014: Variable syslog
199015 199015: Variable syslog
199016 199016: Variable syslog
199017 199017: Variable syslog
199018 199018: Variable syslog
199019 199019: Variable syslog
199020 199020: System memory utilization has reached a percentage
199021 199021: System memory utilization has reached the configured watchdog trigger level
201002 201002: Too many TCP connections
201003 201003: Embryonic limit exceeded
201004 201004: Too many UDP connections
201005 201005: FTP data connection failed
201006 201006: RCMD back-connection failed for an IP address or a port
201008 201008: Disallowing new connections
201009 201009: TCP connection limit exceeded
201010 201010: Embyonic connection limit exceeded
201011 201011: Connection limit exceeded
201012 201012: Per-client embryonic connection limit exceeded
201013 201013: Per-client connection limit exceeded
202001 202001: Out of address translation slots
202005 202005: Non-embryonic object in embryonic list
202010 202010: NAT or PAT pool exhausted
202016 202016: Unable to allocate SIP secondary channel for message
208005 208005: Clear command return code
209003 209003: Fragment database limit exceeded
209004 209004: Invalid IP fragment
209005 209005: Too many elements in a fragment set
210001 210001: LU error
210002 210002: LU allocate block failed
210003 210003: Unknown LU object
210005 210005: LU allocate connection failed
210006 210006: LU look NAT failed
210007 210007: LU allocate xlate failed
210008 210008: LU no xlate
210010 210010: LU making UDP connection failed
210020 210020: LU PAT port reserve failed
210021 210021: LU create static xlate failed
210022 210022: LU missed updates
211001 211001: Memory allocation error
211003 211003: Error in computed percentage CPU usage value
211004 211004: Minimum memory requirement for ASA not met
212001 212001: Unable to open SNMP channel
212002 212002: Unable to open SNMP trap channel
212003 212003: Unable to receive SNMP request
212004 212004: Unable to send SNMP response
212005 212005: Incoming SNMP request exceeds data buffer size
212006 212006: Dropping SNMP request
212009 212009: Configuration request for an SNMP group failed
212010 212010: Configuration request for SNMP user failed
212011 212011: SNMP engineBoots is set to maximum value
212012 212012: Unable to write SNMP engine data to persistent storage
213001 213001: PPTP control daemon socket I/O error
213002 213002: PPTP tunnel hashtable insert failed
213003 213003: PPP virtual interface is not opened
213004 213004: PPP virtual interface client IP allocation failed
213005 213005: DAP action aborted
213006 213006: Unable to read DAP record
213007 213007: Failed to install redirect URL
214001 214001: Terminating manager session
215001 215001: Bad route_compress() call
216001 216001: Internal error
216002 216002: Unexpected event
216003 216003: Unrecognized timer
216004 216004: Internal logic error
216005 216005: Duplex mismatch resulted in transmitter backup
217001 217001: No memory for string
218001 218001: Failed identification test
218002 218002: Module is not certified for live network operation
218003 218003: Module is obsolete
218004 218004: Failed identification test
218005 218005: Inconsistency detected in the system information programmed in non-volatile memory
219002 219002: I2C serial bus API error
302003 302003: Built H245 connection
302004 302004: Preallocate H.323 UDP back connection
302010 302010: TCP connection restarted
302012 302012: Pre-allocate H225 Call Signalling Connection
302013 302013: Built TCP connection
302014 302014: Teardown TCP connection
302015 302015: Built UDP connection
302016 302016: Teardown UDP connection
302017 302017: Built GRE connection
302018 302018: Teardown GRE connection
302019 302019: H.323 library failed to initialize
302020 302020: Built inbound or outbound ICMP connection
302021 302021: Teardown ICMP connection
302022 302022: Built stub TCP connection
302023 302023: Teardown stub TCP connection
302024 302024: Built stub UDP connection
302025 302025: Teardown stub UDP connection
302026 302026: Built stub ICMP connection
302027 302027: Teardown stub ICMP connection
302033 302033: Preallocated H.323 GUP connection
302034 302034: Unable to pre-allocate H323 GUP Connection
302035 302035: Built inbound or outbound SCTP connection
302036 302036: Teardown SCTP connection
302302 302302: IPsec proxy mismatch
302303 302303: Built TCP state-bypass connection
302304 302304: Teardown TCP state-bypass connection
302305 302305: Built SCTP state-bypass connection
302306 302306: Teardown SCTP state-bypass connection
303002 303002: FTP connection in progress
303004 303004: FTP command unsupported
303005 303005: Strict FTP inspection matched in policy map
304001 304001: URL accessed
304002 304002: Access denied to URL
304003 304003: URL server timed out
304004 304004: URL server request failed
304005 304005: URL server request pending
304006 304006: URL server not responding
304007 304007: URL server not responding. Entering allow mode
304008 304008: URL server is up. Leaving allow mode
304009 304009: Run out of buffer blocks specified by url-block command
305005 305005: No translation group found
305006 305006: Translation creation failed
305007 305007: Orphan IP
305008 305008: Free unallocated global IP address
305009 305009: Built dynamic or static translation
305010 305010: Teardown dynamic or static translation
305011 305011: Built TCP, UDP, or ICMP translation
305012 305012: Teardown TCP, UDP, or ICMP translation
305013 305013: Connection denied due to NAT reverse path failure
305014 305014: Block of ports allocated for translation
305016 305016: Unable to create connection
308001 308001: Console enable password incorrect
308002 308002: IP addresses specified in static commands overlap
311001 311001: LU loading standby start
311002 311002: LU loading standby end
311003 311003: LU received thread update
311004 311004: LU xmit thread update
312001 312001: RIP hdr failed
313001 313001: ICMP packet denied
313004 313004: ICMP packet denied
313005 313005: No matching connection for ICMP error message
313008 313008: Denied ICMPv6
313009 313009: Denied invalid ICMP code
314001 314001: Pre-allocated RTSP UDP backconnection
314002 314002: RTSP failed to allocate UDP media connection
314003 314003: RTSP traffic dropped
314004 314004: RTSP client accessed RTSP URL
314005 314005: RTSP client denied access to RTSP URL
314006 314006: RTSP client exceeds configured rate limit
315004 315004: Failed to establish SSH session
315011 315011: SSH session disconnected by SSH server
315012 315012: Weak SSH type provided
315013 315013: SSH session rekeyed successfully
316001 316001: New tunnel denied as VPN peer limit exceeded
316002 316002: Error in VPN handle
317001 317001: No memory available
317002 317002: Bad path index
317003 317003: IP routing table creation failure
317004 317004: IP routing table limit warning
317005 317005: IP routing table limit exceeded
317006 317006: PDB index error
317007 317007: Route added
317008 317008: Route deleted
317012 317012: Interface IP route counter negative
318001 318001: Internal error
318002 318002: Router flagged as an ABR without a backbone area
318003 318003: Reached unknown state in neighbor state machine
318004 318004: Problem locating link site advertisement
318005 318005: Inconsistency between OSPF database and IP routing table
318006 318006: Internal error
318007 318007: OSPF enabled during IDB initialization
318008 318008: OSPF process is changing router id
318009 318009: Reference of stale data encountered in function
318101 318101: Internal error
318102 318102: ABR without backbone area
318103 318103: Reached unknown state in neighbor state machine
318104 318104: DB already exists
318105 318105: Inconsistency between OSPF database and IP routing table
318106 318106: Internal error
318107 318107: OSPF is enabled during IDB initialization
318108 318108: OSPF process is changing router-id
318109 318109: OSPFv3 has received an unexpected message
318110 318110: Invalid encrypted key
318111 318111: SPI already in use with OSPF process
318112 318112: SPI already being used by a process other than OSPF process
318113 318113: SPI already configured
318114 318114: The key length used with an SPI is not valid
318115 318115: Error when attempting to create an IPsec policy for an SPI
318116 318116: SPI not being used by OSPF process
318117 318117: Policy could not be removed because it is in use
318118 318118: Error when attempting to remove the IPsec policy
318119 318119: Unable to close secure socket
318120 318120: OSPFv3 unable to register with IPsec
318121 318121: IPsec reported a general error
318122 318122: IPsec sent a message to OSPFv3. Recovery attempted
318123 318123: IPsec sent a message to OSPFv3. Recovery aborted
318125 318125: Interface initilaization failed
318126 318126: Interface attached to more than one area
318127 318127: Could not allocate or find neighbor
319001 319001: Acknowledgement of ARP update for IP address not received
319002 319002: Acknowledgement of route update for IP address not received
319003 319003: ARP update for IP address to network processor failed
319004 319004: Route update for IP address failed
320001 320001: Subject name of the peer cert not allowed for connection
321001 321001: Resource limit reached
321002 321002: Resource rate limit reached
321003 321003: Resource log level reached
321004 321004: Resource rate log level reached
321005 321005: System CPU utilization reached a certain percentage
321006 321006: System memory usage reached a certain percentage
321007 321007: System is low on free memory blocks
322001 322001: Deny MAC address
322002 322002: ARP inspection check failed for request or response received from a host advertising an IP address that is statically or dynamically bound to another MAC address
322003 322003: ARP inspection check failed for request or response received from a host advertising an IP address that is not bound to any MAC address
322004 322004: No management IP address configured for transparent firewall. Dropping protocol packet
323001 323001: Module experienced control communication failure
323002 323002: Module unable to shut down. Shut down request not answered
323003 323003: Module unable to reload. Reload request not answered
323004 323004: Module failed to write new version of software
323005 323005: Module cannot be started completely
323006 323006: Module experienced data channel communication failure
323007 323007: Module experienced firmware failure and recovery is in progress
324000 324000: Drop GTPv
324001 324001: GTPv0 packet parsing error
324002 324002: No PDP exists to process GTPv0
324003 324003: No matching request to process GTPv
324004 324004: GTP packet not supported
324005 324005: Unable to create tunnel
324006 324006: GSN tunnel limit exceeded
324007 324007: Unable to create a GTP connection for response
324008 324008: No PDP exists to update the data SGSN
324300 324300: Radius accounting request has an incorrect request authenticator
324301 324301: Radius accounting request has bad header
325001 325001: Router has conflicting ND settings
325002 325002: Duplicate address present
325004 325004: IPv6 extension header
325005 325005: Invalid IPv6 extension header content
325006 325006: IPv6 extension header not in order
326001 326001: Unexpected error in the timer library
326002 326002: IGMP process failed to shut down
326004 326004: Internal error occurred while processing a packet queue
326005 326005: MRIB notification failed
326006 326006: Entry creation failed
326007 326007: Entry update failed
326008 326008: MRIB registration failed
326009 326009: MRIB connection opening failed
326010 326010: MRIB unbinding failed
326011 326011: MRIB table deletion failed
326012 326012: Initialization of functionality failed
326013 326013: Internal error
326014 326014: Initialization failed
326015 326015: Communication error
326016 326016: Failed to set unnumbered interface
326017 326017: Interface manager error
326019 326019: Error in creating PIM RP tunnel interface
326020 326020: Error in processing PIM interface list
326021 326021: Error in setting the SRC of a PIM tunnel interface
326022 326022: PIM process failed to shut down
326023 326023: Error in processing PIM group range
326024 326024: Internal error while processing packet queue