The Ally records configuration information and intrusion protection notifications in the system event log. The table below lists each message that may be generated by the Ally. The number and the associated Message Content text will appear in the event log entry.
The Type column assigns a brief name to each message. This name is used to reference the message in the Ally documentation and on the Ally Management Console “Notification Messages” page, but does not appear in the actual event log entry. The Type column also assigns the message to one of four general message categories: Configuration, Configuration Event, Detection and Information. Configuration and Configuration Event messages are always written to the event log while Detection and Information messages can be optionally disabled.
Message Number |
Message Type |
Message Content |
| 1 |
Configuration
Inside and Outside Adapters |
(Device ALLY) has been started. Network adapter (Network Adapter Number) is assigned to handle inside network traffic. Network adapter (Network Adapter Number) is assigned to handle outside network traffic. |
| 2 |
Configuration
Management Adapter |
Network adapter (Network Adapter Number) is assigned to handle management traffic.
Outbound connection requests (‘are’ or ‘are not’) blocked. Discarded outbound connection requests (‘are’ or ‘are not’) logged. |
| 3 |
Configuration
Mode |
(Device ALLY) is currently in (‘Pass Through (Inactive)’ or ‘Filter (Active)’) mode. |
| 4 |
Configuration
Inside Authentication |
Authentication of the source IP address for an inside-to-outside session request (‘is’ or ‘is not’) performed (‘for the first connection only’ or ‘for all connections’ or ‘neither is anti-recon’ or ‘’). |
| 5 |
Configuration
Outside Authentication |
Authentication of the source IP address for an outside-to-inside session request (‘is’ or ‘is not’) performed (‘for the first connection only’ or ‘for all connections’ or ‘neither is anti-recon’ or ‘’). |
| 6 |
Configuration
Incomplete Connection Timeout |
Incomplete TCP connections will timeout in (Connection Timeout Number) seconds. Connection resets (‘are’ or ‘are not’) logged. |
| 7 |
Configuration
Maximum Concurrent Connections |
Up to (Maximum Number of Connections) concurrent (‘inside-to-outside’ or ‘outside-to-inside’) connections from the same source IP address to one destination IP address and port are allowed. Discarded connections (‘are’ or ‘are not’) logged. |
| 8 |
Configuration
Idle Connection Timeout |
Idle connections will timeout in (Idle Connection Timeout Number) seconds. |
| 9 |
Configuration
IP Fragment Policy |
Fragmented packets are (‘passed through without analysis’ or ‘discarded’). If discarded, fragmented packets (‘are’ or ‘are not’) logged. |
| 10 |
Configuration
Log Invalid TCP Flags |
Packets with invalid TCP flags (‘are’ or ‘are not’) logged. |
| 11 |
Configuration
Log Invalid TCP Option |
Packets with invalid TCP options (‘are’ or ‘are not’) logged. |
| 12 |
Configuration
Prevent Data Leaks |
Packet pad bytes (‘are’ or ‘are not’) scrubbed to prevent data leaks. |
| 13 |
Configuration
Port Scan Detection |
TCP port scan detection is based on the (‘SYN’ or ‘ACK’) packet received during the three-way handshake of the connection request.
IP address blacklisting due to port scan detection (‘is’ or ‘is not’) enabled on the inside adapter and (‘is’ or ‘is not’) enabled on the outside adapter. |
| 14 |
Configuration
Inside Port Scans |
On the inside adapter, (Inside Scan Number) connection requests received from the same IP address in (Inside Scan Timeout Number) seconds will cause that IP address to be placed on the inside adapter’s blacklist. |
| 15 |
Configuration
Outside Port Scans |
On the outside adapter, (Outside Scan Number) connection requests received from the same IP address in (Outside Scan Timeout Number) seconds will cause that IP address to be placed on the outside adapter’s blacklist. |
| 16 |
Configuration
Blacklist Time Period |
An IP address will remain on the blacklist for (Port Scanning Blacklist Time Period Number) seconds for port scanning, (DNS Tunneling Blacklist Time Period) seconds for DNS tunneling and (Nonexistent Destination Blacklist Time Period) seconds for attempting to access a nonexistent destination. Blacklisting events (‘will be’ or ‘will not be’) logged. |
| 17 |
Configuration
TCP Policy |
TCP packets are (‘passed through without’ or ‘handled according to policy’ or ‘discarded without’) analysis. |
| 18 |
Configuration
ARP Policy |
ARP packets are (‘passed through without’ or ‘handled according to policy’ or ‘discarded without’) analysis. If discarded, ARP packets (‘are’ or ‘are not’) logged. |
| 19 |
Configuration
ICMP Policy |
ICMP packets are (‘passed through without’ or ‘handled according to policy’ or ‘discarded without’) analysis. If discarded, ICMP packets (‘are’ or ‘are not’) logged. |
| 20 |
Configuration
UDP Policy |
UDP packets are (‘passed through without’ or ‘handled according to policy’ or ‘discarded without’) analysis. If discarded, UDP packets (‘are’ or ‘are not’) logged. |
| 21 |
Configuration
Other IP Policy |
Other IP packets are (‘passed through without’ or ‘handled according to policy’ or ‘discarded without’) analysis. If discarded, other IP packets (‘are’ or ‘are not’) logged. |
| 22 |
Configuration
Non-IP Non-ARP Policy |
Packets that are not IP and are not ARP are (‘passed through without’ or ‘handled according to policy’ or ‘discarded without’) analysis. If discarded, non-IP and non-ARP packets (‘are’ or ‘are not’) logged. |
| 23 |
Configuration
ICMP Echo Request Policy |
ICMP Echo packets are (‘passed through without analysis’ or ‘discarded’). |
| 24 |
Configuration
ICMP Echo Reply Policy |
ICMP Echo Reply packets are (‘passed through without analysis’ or ‘discarded’). |
| 25 |
Configuration
ICMP Destination Unreachable Policy |
ICMP Destination Unreachable packets are (‘passed through without analysis’ or ‘discarded’). |
| 26 |
Configuration
ICMP Port Unreachable Policy |
ICMP Port Unreachable packets are (‘passed through without analysis’ or ‘discarded’). |
| 27 |
Configuration
ICMP Source Quench Policy |
ICMP Source Quench packets are (‘passed through without analysis’ or ‘discarded’). |
| 28 |
Configuration
ICMP Redirect Policy |
ICMP Redirect packets are (‘passed through without analysis’ or ‘discarded’). |
| 29 |
Configuration
ICMP Time Exceeded Policy |
ICMP Time Exceeded packets are (‘passed through without analysis’ or ‘discarded’). |
| 30 |
Configuration
ICMP Parameter Problem Policy |
ICMP Parameter Problem packets are (‘passed through without analysis’ or ‘discarded’). |
| 31 |
Configuration
ICMP Timestamp Request Policy |
ICMP Timestamp packets are (‘passed through without analysis’ or ‘discarded’). |
| 32 |
Configuration
ICMP Timestamp Reply Policy |
ICMP Timestamp Reply packets are (‘passed through without analysis’ or ‘discarded’). |
| 33 |
Configuration
ICMP Information Request Policy |
ICMP Information Request packets are (‘passed through without analysis’ or ‘discarded’). |
| 34 |
Configuration
ICMP Information Reply Policy |
ICMP Information Reply packets are (‘passed through without analysis’ or ‘discarded’). |
| 35 |
Configuration
ICMP Address Mask Policy |
ICMP Address Mask Request packets are (‘passed through without analysis’ or ‘discarded’). |
| 36 |
Configuration
ICMP Address Mask Reply Policy |
ICMP Address Mask Reply packets are (‘passed through without analysis’ or ‘discarded’). |
| 37 |
Configuration
ICMP Traceroute Policy |
ICMP Traceroute packets are (‘passed through without analysis’ or ‘discarded’). |
| 38 |
Configuration
ICMP Conversion Error Policy |
ICMP Conversion Error packets are (‘passed through without analysis’ or ‘discarded’). |
| 39 |
Configuration
ICMP Domain Name Policy |
ICMP Domain Name Request packets are (‘passed through without analysis’ or ‘discarded’). |
| 40 |
Configuration
ICMP Domain Name Reply Policy |
ICMP Domain Name Reply packets are (‘passed through without analysis’ or ‘discarded’). |
| 41 |
Configuration
DNS Policy |
DNS packets are (‘handled according to policy’ or ‘discarded without’) analysis. If discarded, DNS packets (‘are’ or ‘are not’) logged. |
| 42 |
Configuration
DNS Tunneling Detection |
DNS tunneling detection is (‘enabled’ or ‘disabled’). If enabled, (Number of DNS Tunnel Packets) tunnel packets in (DNS Tunnel Timeout Number) seconds will cause the originating IP address to be blacklisted. |
| 43 |
Configuration
DNS Cache Poisoning Detection |
DNS cache poisoning packets (‘are’ or ‘are not’) discarded. |
| 44 |
Configuration
Maximum Segment Size Range |
The TCP Maximum Segment Size range has been set to (Numeric Value) - (Numeric Value). |
| 45 |
Configuration
Remote System Statistics Timeout |
Remote system information is retained for (Numeric Value) seconds after verification. |
| 46 |
Configuration
Permanent Blacklist/Whitelist |
The permanent blacklist and/or whitelist has been (‘updated’ or ‘initialized’). |
| 47 |
Configuration
Normal Start |
Normal startup for the (Device ALLY) driver has completed. |
| 48 |
Detection
Dynamic Blacklist Add |
The IP address (IP Address) was added to the (‘inside’ or ‘outside’) dynamic blacklist because (‘port scanning’ or ‘DNS tunneling’) was detected. |
| 49 |
Detection
Dynamic Blacklist Remove |
The IP address (IP Address) has been removed from the (‘inside’ or ‘outside’) dynamic blacklist. |
| 50 |
Information
Connection Reset |
The Connection from IP address (Source IP Address) port (Source Port) to (Destination IP Address) port (Destination Port) has been reset. |
| 51 |
Detection
Discard TCP Packet, Flags |
A TCP Packet with flags (TCP Flags) from IP address (Source IP Address) to (Destination IP Address) was discarded. |
| 52 |
Detection
Discard TCP Packet, Option |
A TCP Packet with option (Hexadecimal Representation of TCP Option) from IP address (Source IP Address) to (Destination IP Address) was discarded. |
| 53 |
Detection
Discard Fragmented Packet |
A fragmented packet from IP address (Source IP Address) to (Destination IP Address) with IP id (IP ID) was discarded. |
| 54 |
Detection
Discard Outbound Management |
An outbound connection request packet on the management adapter was discarded. |
| 55 |
Detection
Discard ARP Packet |
An ARP packet from IP address (Source IP Address) was discarded. |
| 56 |
Detection
Discard ICMP Packet |
An ICMP (‘echo (ping)’ or ‘echo (ping) reply’ or ‘destination unreachable’ or ‘port unreachable’ or ‘source quench’ or ‘redirect’ or ‘time exceeded’ or ‘parameter problem’ or ‘timestamp’ or ‘timestamp reply’ or ‘information request’ or ‘information reply’ or ‘address mask request’ or ‘address mask reply’ or ‘traceroute’ or ‘conversion errors’ or ‘domain name request’ or ‘domain name reply’) packet from IP address (Source IP Address) to (Destination IP Address) was discarded. |
| 57 |
Detection
Discard UDP Packet |
A UDP packet from IP address (Source IP Address) port (Source Port) to (Destination IP Address) port (Destination Port) was discarded. |
| 58 |
Detection
Discard DNS Packet |
A DNS query packet from IP address (Source IP Address) to (Destination IP Address) DNS ID (DNS ID) was discarded because a possible DNS tunneling attempt was detected. |
| 59 |
Configuration Event
Configuration Reload |
(‘Console User’ or User Name) reloaded the configuration from (‘the factory default settings’). |
| 60 |
Configuration Event
Set Adapter Number |
(‘Console User’ or User Name) set the (‘inside’ or ‘outside’ or ‘management’) adapter to network interface number ‘Network Interface Number). |
| 61 |
Configuration Event
Set Management IP |
(‘Console User’ or User Name) changed the management adapter to IP address (IP Address), netmask (Mask), gateway (Gateway), DNS1 (DNS1), DNS2 (DNS2). |
| 62 |
Configuration Event
Clear Statistics |
(‘Console User’ or User Name) cleared the packet statistics. |
| 63 |
Configuration Event
Set SNMP/Syslog Agent Variable |
(‘Console User’ or User Name) set the ALLY SNMP/Syslog agent's configuration variable (Variable Name) to (New Variable Value). |
| 64 |
Configuration Event
SNMP/Syslog Agent Reload |
The ALLY SNMP/Syslog agent was directed to (‘reload its configuration’ or ‘restart’) by (‘Console User’ or User Name). |
| 65 |
Configuration Event
User Change |
(‘Console User’ or User Name) (‘added’ or ‘removed’ or ‘changed’) account (User Name). |
| 66 |
Configuration Event
Password Change |
(‘Console User’ or User Name) changed his/her password. |
| 67 |
Configuration Event
Time Change |
(‘Console User’ or User Name) changed the system time to (Time). |
| 68 |
Configuration Event
Reboot |
(‘Console User’ or User Name) (‘rebooted’ or ‘shutdown’) the ALLY system. |
| 69 |
Configuration Event
Set Management DHCP |
(‘Console User’ or User Name) changed the management adapter to a DHCP IP address. |
| 70 |
Detection
Discard Other IP Packet |
An IP packet of type (Numeric IP Protocol ID) (not TCP, UDP or ICMP) from IP address (Source IP Address) to (Destination IP Address) was discarded. |
| 71 |
Detection
Discard Undefined Packet |
A Non-IP, Non-ARP packet of type (Numeric MAC Protocol ID) from source MAC (Source MAC Address) to destination MAC (Destination MAC Address) was discarded. |
| 72 |
Configuration
Adapter Watchdog Timer Setting |
Watchdog timer is (‘enabled’ or ‘disabled’). If enabled, the watchdog timer timeout value is (Numeric Value) seconds. |
| 73 |
Configuration
Network Flood Alert Setting |
Network flood is defined as (Numeric Value) packets in 1 second. Alert notification will be sent to all SNMP and Syslog servers every (Numeric Value) minutes. |
| 74 |
Configuration Event
Changes to Management Access List |
Access to the management adapter has been (‘added’ or ‘removed’) for IP address (or range) (IP Address) by (‘Console User’ or User Name). |
| 75 |
Detection
DNS Cache Poisoning |
A DNS response packet with DNS ID (DNS ID) from IP address (Source IP Address) to (Destination IP Address) was discarded because a DNS cache poisoning attempt was detected. |
| 76 |
Detection
DNS ID Mismatch |
A DNS response packet with DNS ID (DNS ID) from IP address (Source IP Address) to (Destination IP Address) was discarded because the DNS ID does not match the request. |
| 77 |
Detection
DNS Host Not Queried |
A DNS response packet with DNS ID (DNS ID) from IP address (Source IP Address) to (Destination IP Address) was discarded because a DNS query was not made to that host. |
| 78 |
Configuration Event
Additional DNS Servers |
The IP address (or range) (IP Address) has been (‘added to’ or ‘removed from’) the Additional DNS Server list by (‘Console User’ or User Name). |
| 79 |
Detection
Discard Packet Due to Max Connections |
A TCP connection from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was rejected because the maximum number of concurrent connections has been reached. |
| 80 |
Configuration Event
Permanent Blacklist or Whitelist Change |
The IP address (or range) (IP Address) has been (‘added to’ or ‘removed from’) the (‘Inside’ or ‘Outside’) permanent (‘black’ or ‘white’)list by (‘Console User’ or User Name). |
| 81 |
Detection
Discard Packet due to Blacklisted IP |
An IP packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was discarded because the source IP is on the blacklist. |
| 82 |
Information
Discard Packet due to Memory Error |
An IP packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was discarded because the system could not allocate memory. |
| 83 |
Detection
Discard Packet due to Incorrect State |
A TCP packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) with flags (TCP Flags) was discarded because the state is incorrect. |
| 84 |
Information
Discard Packet due to Discard All TCP |
A TCP packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was discarded because the TCP policy is set to discard all TCP packets. |
| 85 |
Information
Discard Packet due to Discard All UDP |
A UDP packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was discarded because the UDP policy is set to discard all UDP packets. |
| 86 |
Information
Discard Packet due to Discard All ICMP |
A ICMP packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was discarded because the ICMP policy is set to discard all ICMP packets. |
| 87 |
Information
Discard Packet due to Discard All DNS |
A DNS packet from (Source IP Address):(Source Port Number) to (Destination IP Address):(Destination Port Number) was discarded because the DNS policy is set to discard all DNS packets. |
| 88 |
Configuration
Discard due to Maximum Connection Setting |
Packets discarded because the maximum number of concurrent connections has been reached (‘will be’ or ‘will not be’) logged. |
| 89 |
Configuration
Discard due to Blacklisted IP Setting |
Packets discarded because the source IP is on the blacklist (‘will be’ or ‘will not be’) logged. |
| 90 |
Configuration
Discard due to Memory Error Setting |
Packets discarded because the system could not allocate memory (‘will be’ or ‘will not be’) logged. |
| 91 |
Configuration
Discard due to Incorrect State Setting |
Packets discarded because the state is incorrect (‘will be’ or ‘will not be’) logged. |
| 92 |
Configuration
Discard due to Discard All TCP Setting |
Packets discarded because the TCP policy is set to discard all TCP packets (‘will be’ or ‘will not be’) logged. |
| 93 |
Configuration
Discard due to Discard All UDP Setting |
Packets discarded because the UDP policy is set to discard all UDP packets (‘will be’ or ‘will not be’) logged. |
| 94 |
Configuration
Discard due to Discard All ICMP Setting |
Packets discarded because the ICMP policy is set to discard all ICMP packets (‘will be’ or ‘will not be’) logged. |
| 95 |
Configuration
Discard due to Discard All DNS Setting |
Packets discarded because the DNS policy is set to discard all DNS packets (‘will be’ or ‘will not be’) logged. |
| 96 |
Configuration
Management Access Information |
The management access list has been (‘updated’ or ‘initialized’). |
| 97 |
Configuration
Additional DNS Server Information |
The Additional DNS Server list has been (‘updated’ or ‘initialized’). |
| 98 |
Detection
Network Flood Alert Messages |
The Ally has detected a network flood. |
| 99 |
Configuration
Blacklisting Based on Nonexistent Destination Traffic |
Blacklisting for nonexistent destination: port from inside-to-outside (‘is’ or ‘is not’) enabled. Blacklisting for nonexistent destination: port from outside-to-inside (‘is’ or ‘is not’) enabled. |
| 100 |
Configuration Event
Unavailable Destination Whitelist Update |
The IP address (or range) (IP Address): (Port Number) has been (‘added to’ or ‘removed from’) the Unavailable Destination Whitelist by (‘Console User’ or User Name). |
| 101 |
Configuration
Unavailable Destination Whitelist Information |
The Unavailable Destination Whitelist has been (‘updated’ or ‘initialized’). |
| 102 |
Configuration
Reply to All Echo (Ping) Requests |
Automatic echo replies (‘are’ or ‘are not’) generated in response to echo requests. |
| 103 |
Detection
Dynamic Blacklist Add with Source and Destination |
The IP address (IP Address) was added to the (‘inside’ or ‘outside’) dynamic blacklist because (‘nonexistent destination traffic’) was detected (Source (Source IP Address):(Source Port Number), Destination (Destination IP Address):(Destination Port Number)). |
