AudioCodes Mediant 800B MSBR User Manual page 172


To view the blacklist:
# show voip security ids blacklist active
For example:
Active blacklist entries:
10.33.5.110(NI:0) remaining 00h:00m:10s in blacklist
Where SI is the SIP Interface and NI is the network interface.
The device also sends IDS notifications and alarms in Syslog messages to a Syslog
server. This occurs only if you have configured Syslog (see ''Enabling Syslog'' on page
719). An example of a Syslog message with IDS alarms and notifications is shown below:
Figure 17-10: Syslog Message Example with IDS Alarms and Notifications
The table below lists the Syslog text messages per malicious event:
Table 17-6: Types of Malicious Events and Syslog Text String
Type
Connection TLS authentication failure
Abuse

Malformed
Messages






Authentication
Failure 

Dialog
Establishment 
Failure



Abnormal Flow

User's Manual
Description
Message exceeds a user-defined maximum
message length (50K)
Any SIP parser error
Message policy match
Basic headers not present
Content length header not present (for TCP)
Header overflow
Local authentication ("Bad digest" errors)
Remote authentication (SIP 401/407 is sent if
original message includes authentication)
Classification failure
Routing failure
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
Requests and responses without a matching
transaction user (except ACK requests)
Requests and responses without a matching
transaction (except ACK requests)
172
Mediant 800B MSBR
Syslog String
abuse-tls-auth-fail

malformed-invalid-
msg-len

malformed-parse-error

malformed-message-
policy

malformed-miss-
header

malformed-miss-
content-len

malformed-header-
overflow

auth-establish-fail

auth-reject-response

establish-classify-fail

establish-route-fail

establish-local-reject

establish-remote-
reject

flow-no-match-tu

flow-no-match-
transaction
Document #: LTRT-12813