AudioCodes Mediant 800B User Manual page 178

Gateway & e-sbc

Active blacklist entries:
10.33.5.110(NI:0) remaining 00h:00m:10s in blacklist
Where SI is the SIP Interface and NI is the network interface.
The device also sends IDS notifications and alarms in Syslog messages to a Syslog
server. This occurs only if you have configured Syslog (see 'Enabling Syslog' on page
936). An example of a Syslog message with IDS alarms and notifications is shown below:
Figure 13-8: Syslog Message Example with IDS Alarms and Notifications
The table below lists the Syslog text messages per malicious event:
Table 13-6: Types of Malicious Events and Syslog Text String
| Reason | Description | Syslog String |
|---|---|---|
| Connection Abuse | TLS authentication failure | abuse-tls-auth-fail |
| Malformed Messages | Message exceeds a user-defined maximum message length (50K) | malformed-invalid-msg-len |
| | Any SIP parser error | malformed-parse-error |
| | Message policy match | malformed-message-policy |
| | Basic headers not present | malformed-miss-header |
| | Content length header not present (for TCP) | malformed-miss-content-len |
| | Header overflow | malformed-header-overflow |
| Authentication Failure | Local authentication ("Bad digest" errors) | auth-establish-fail |
| | Remote authentication (SIP 401/407 is sent if original message includes authentication) | auth-reject-response |
| Dialog Establishment Failure | Classification failure | establish-classify-fail |
| | Routing failure | establish-route-fail |
| | Other local rejects (prior to SIP 180 response) | establish-local-reject |
| | Remote rejects (prior to SIP 180 response) | establish-remote-reject |
| | Malicious signature pattern detected | establish-malicious-signature-db-reject |
| Abnormal Flow | Requests and responses without a matching transaction user (except ACK requests) | flow-no-match-tu |
| | Requests and responses without a matching transaction (except ACK requests) | flow-no-match-transaction |
Document #: LTRT-10298
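On the Syslog server side, the strings in Table 13-6 can be used to group IDS events by reason, and the blacklist entry line shown above can be parsed into fields. The following is an added example, not code from the manual or from AudioCodes. The sample Syslog lines are constructed, because the real message layout (Figure 13-8) is not reproduced on this page, so the matcher relies only on the Syslog strings themselves; the function names are hypothetical.

```python
import re
from collections import Counter

# Table 13-6: Reason -> Syslog strings, copied from the manual page.
TABLE = {
    "Connection Abuse": ["abuse-tls-auth-fail"],
    "Malformed Messages": [
        "malformed-invalid-msg-len", "malformed-parse-error",
        "malformed-message-policy", "malformed-miss-header",
        "malformed-miss-content-len", "malformed-header-overflow"],
    "Authentication Failure": ["auth-establish-fail", "auth-reject-response"],
    "Dialog Establishment Failure": [
        "establish-classify-fail", "establish-route-fail",
        "establish-local-reject", "establish-remote-reject",
        "establish-malicious-signature-db-reject"],
    "Abnormal Flow": ["flow-no-match-tu", "flow-no-match-transaction"],
}
REASON_OF = {s: reason for reason, strings in TABLE.items() for s in strings}
# Whole-token match so a string is not matched inside a longer hyphenated word.
TOKEN_RE = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, REASON_OF)) + r")(?![\w-])")
# Blacklist entry as printed on this page; only the NI form appears here (SI assumed alike).
BLACKLIST_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\((SI|NI):(\d+)\) remaining "
                          r"(\d+)h:(\d+)m:(\d+)s in blacklist")

def classify(line):
    """Return (syslog_string, reason) for the first IDS string in line, else None."""
    m = TOKEN_RE.search(line)
    return (m.group(1), REASON_OF[m.group(1)]) if m else None

def summarize(lines):
    """Count IDS events per Reason over an iterable of Syslog lines."""
    return Counter(hit[1] for hit in map(classify, lines) if hit)

def parse_blacklist(line):
    """Parse one 'Active blacklist entries' line into a dict, else None."""
    m = BLACKLIST_RE.search(line)
    if not m:
        return None
    ip, kind, idx, h, mi, s = m.groups()
    return {"ip": ip, "interface": f"{kind}:{idx}",
            "seconds_left": int(h) * 3600 + int(mi) * 60 + int(s)}

# Constructed sample lines; the real Syslog layout is not shown on this page.
SAMPLE = [
    "constructed: IDS event establish-route-fail src 10.33.5.110",
    "constructed: IDS event malformed-parse-error src 10.33.5.110",
    "constructed: IDS event flow-no-match-transaction src 10.33.5.110",
    "constructed: not-an-ids-malformed-parse-error-suffix",
]
```
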
