Common Log Messages Explained

 

 Messages shown after an interface powers up; these are normal:

 *Jan  1 08:02:16: %LINK-3-UPDOWN: Interface GigabitEthernet 0/0, changed state to up.

 *Jan  1 08:02:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/0, changed state to up.

 

 Telnet user login messages:

 *Oct 12 01:57:30: %LOGIN-5-LOGIN_SUCCESS: User (admin) login from vty0(172.25.0.191) OK.

 *Oct 12 02:08:29: %LOGIN-5-LOGOUT: User (admin) logout from vty0(172.25.0.191).

 

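 LAN loop error (the data packets received on interface G0/0 exceeded the interface buffer):

 Topology: the router's LAN port is looped back to a Layer 2 port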

 *Jan  1 08:08:30: %DEV_AUDIT-4-HIGH_NO_BUFFER: Warning! The number of no buffer of interface GigabitEthernet 0/0 exceeded threshold 50000. 1117767 no   buffers increased within 1 minute.

 

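 LAN loop error (the log reports an attack received on the LAN port, and the IP is the LAN port's own address):

 Topology: the switch connected downstream of the router is looped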

 *Jan  1 08:35:36: %EF_RNFP-5-ATTACK: System attack record at 1970-01-01 08:35:27, System was attacked for 9s. Total 3664 pkts, 234496 bytes. TOP1  ip.192.168.1.1: 3664 pkts, 234496 bytes, from Gi0/0.

Ruijie#show arp-suspect -----> view ARP suspect hosts

IP address      MAC address

192.168.1.1     5869.6c14.ca47

 

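 LAN address conflicts with the interface address (the LAN host with MAC address 6ce8.7348.54b4 conflicts with the LAN port address; inspecting the LAN environment is recommended):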

 *Oct  8 19:58:32: %ARP-4-DUPADDR: Duplicate address 192.168.2.1 on GigabitEthernet 0/1, sourced by 6ce8.7348.54b4.

 *Oct  8 19:56:50: %ARP-4-DUPADDR: Duplicate address 192.168.2.1 on GigabitEthernet 0/1, sourced by 6ce8.7348.54b4.

 

 ARP spoofing log (the LAN host with MAC 507a.55a3.d2eb is suspected of ARP spoofing; inspecting the LAN is recommended):

*Oct 12 07:17:03: %ARP-4-ATTACK: The host whose mac is 507a.55a3.d2eb, may be an arp spoof host..

*Oct 12 07:16:51: %ARP-4-ATTACK: The host whose mac is 507a.55a3.d2eb, may be an arp spoof host..

 

 Under-attack log:

 *Oct 12 11:39:45: %EF_RNFP-5-ATTACK: System attack record at 2016-10-12 11:39:39, System in attack 6s.

  Use the following command to view the attacking hosts and to determine whether the attack comes from the LAN or the WAN:

      Ruijie#show attack-info history

System attack record at 2016-10-12 11:39:39, System in attack 6s

ALL: 570 packets, 38352 bytes

PROTOCOL         packets        bytes

ARP              506            30360        

TCP              2              128          

UDP              59             7570         

other            3              294          

TOP10 IP attack:

IP               packets        bytes            interface

192.168.1.29     62             3720             Gi0/0

192.168.1.3      60             3600             Gi0/0

192.168.1.12     60             3600             Gi0/0

 

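 The device reports a cold start (a cold start is a restart after the device has been powered off; a warm start is a restart from the web interface, that is, a software restart):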

 *Nov  8 14:09:04: %SYS-5-COLDSTART: System coldstart

 

 bcm53115 register read/write failures at boot are a hardware problem; contacting the 400 support hotline is recommended

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .GE_SWITCH-3-BCM53115: read error at line 65

 .Main Program File Name rgos.bin, Load Main Program ...
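
The security-relevant messages above can be triaged mechanically. The following Python is an added example, not part of the original page or of Ruijie's tooling: it parses the `%FACILITY-SEVERITY-MNEMONIC` header, flags logins from hosts outside an allowlist, groups ARP duplicate/spoof reports by MAC, and marks an attack record as a probable loop when the top IP is the router's own LAN address. The function names, the finding labels and the management address 10.0.0.5 are assumptions made for the example.

```python
import re
from collections import Counter

# Header layout on this page: *Mon DD HH:MM:SS: %FACILITY-SEVERITY-MNEMONIC: message
HEADER = re.compile(r"^\s*\*\w{3}\s+\d+ [\d:]{8}: %(?P<fac>\w+)-(?P<sev>\d)-(?P<mn>\w+): (?P<msg>.*)$")
MAC = r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})"
FIELDS = {  # message-body patterns for the security-relevant entries
    "LOGIN-LOGIN_SUCCESS": re.compile(r"User \((?P<user>[^)]*)\) login from \w+\((?P<ip>[\d.]+)\)"),
    "ARP-DUPADDR": re.compile(r"Duplicate address (?P<ip>[\d.]+) on .+?, sourced by " + MAC),
    "ARP-ATTACK": re.compile(r"mac is " + MAC),
    "EF_RNFP-ATTACK": re.compile(r"(?:was attacked for|in attack) (?P<secs>\d+)s(?:.*?TOP1\s+ip\.(?P<ip>[\d.]+):)?"),
}

def parse(line):
    """Return the header fields plus any extracted body fields, or None if not a log line."""
    h = HEADER.match(line)
    if not h:
        return None
    ev = h.groupdict()
    ev["key"] = f"{ev['fac']}-{ev['mn']}"
    m = FIELDS[ev["key"]].search(ev["msg"]) if ev["key"] in FIELDS else None
    ev.update(m.groupdict() if m else {})
    return ev

def triage(lines, mgmt_ips, own_ips):
    """mgmt_ips: permitted admin sources; own_ips: the router's own interface addresses."""
    findings, macs = [], Counter()
    for ev in filter(None, map(parse, lines)):
        if ev["key"] == "LOGIN-LOGIN_SUCCESS" and ev.get("ip") and ev["ip"] not in mgmt_ips:
            findings.append(("login-from-unlisted-host", ev["user"], ev["ip"]))
        elif ev["key"] in ("ARP-DUPADDR", "ARP-ATTACK") and ev.get("mac"):
            macs[(ev["key"], ev["mac"])] += 1  # repeated reports collapse to one finding
        elif ev["key"] == "EF_RNFP-ATTACK" and ev.get("secs"):
            # Per the page: a top IP equal to the LAN port address points to a loop.
            cause = "possible-loop" if ev.get("ip") in own_ips else "run-show-attack-info-history"
            findings.append(("attack-record", cause, ev.get("ip")))
    return findings + [("arp-anomaly", k, mac, n) for (k, mac), n in sorted(macs.items())]

SAMPLE = """\
*Oct 12 01:57:30: %LOGIN-5-LOGIN_SUCCESS: User (admin) login from vty0(172.25.0.191) OK.
*Jan  1 08:35:36: %EF_RNFP-5-ATTACK: System attack record at 1970-01-01 08:35:27, System was attacked for 9s. Total 3664 pkts, 234496 bytes. TOP1  ip.192.168.1.1: 3664 pkts, 234496 bytes, from Gi0/0.
*Oct  8 19:58:32: %ARP-4-DUPADDR: Duplicate address 192.168.2.1 on GigabitEthernet 0/1, sourced by 6ce8.7348.54b4.
*Oct  8 19:56:50: %ARP-4-DUPADDR: Duplicate address 192.168.2.1 on GigabitEthernet 0/1, sourced by 6ce8.7348.54b4.
*Oct 12 07:17:03: %ARP-4-ATTACK: The host whose mac is 507a.55a3.d2eb, may be an arp spoof host..
*Oct 12 11:39:45: %EF_RNFP-5-ATTACK: System attack record at 2016-10-12 11:39:39, System in attack 6s.
""".splitlines()  # log lines copied from this page

if __name__ == "__main__":  # 10.0.0.5 is a constructed management address
    print(*triage(SAMPLE, {"10.0.0.5"}, {"192.168.1.1"}), sep="\n")
```

An attack record that carries no TOP1 address is labelled `run-show-attack-info-history`, since the per-host breakdown then has to come from the `show attack-info history` output shown earlier.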