AudioCodes Mediant 800B User Manual page 156

The device also sends IDS notifications and alarms in Syslog messages to a Syslog
server. This only occurs if you have configured Syslog (see ''Enabling Syslog'' on page
701). An example of a Syslog message with IDS alarms and notifications is shown below:
Figure 13-9: Syslog Message Example with IDS Alarms and Notifications
The table below lists the Syslog text messages per malicious event:
Table 13-6: Types of Malicious Events and Syslog Text String
Type
Connection TLS authentication failure
Abuse

Malformed
Messages






Authentication
Failure


Dialog
Establishment 
Failure



Abnormal Flow

User's Manual
Description
Message exceeds a user-defined maximum
message length (50K)
Any SIP parser error
Message policy match
Basic headers not present
Content length header not present (for TCP)
Header overflow
Local authentication ("Bad digest" errors)
Remote authentication (SIP 401/407 is sent if
original message includes authentication)
Classification failure
Routing failure
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
Requests and responses without a matching
transaction user (except ACK requests)
Requests and responses without a matching
transaction (except ACK requests)
Mediant 800B Gateway and E-SBC
156
Syslog String
abuse-tls-auth-fail

malformed-invalid-
msg-len

malformed-parse-error

malformed-message-
policy

malformed-miss-
header

malformed-miss-
content-len

malformed-header-
overflow

auth-establish-fail

auth-reject-response

establish-classify-fail

establish-route-fail

establish-local-reject

establish-remote-
reject

flow-no-match-tu

flow-no-match-
transaction
Document #: LTRT-10286