It is great idea to capture the logs. The meanings of the error are following:
1. %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=[IP_address], prot=[dec], spi=[hex]([dec])
A received IPSec packet specifies an SPI that does not exist in SADB. This may be a temporary condition because of slight differences in the aging of SAs between the IPSec peers or because the local SAs have been cleared. It may also be caused by invalid packets sent by the IPSec peer. This activity could be considered a hostile event.
Recommended Action: If the local SAs have been cleared, the peer may not know. In this case, if a new connection is established from the local router, the two peers may reestablish successfully. If the problem occurs for more than a brief period, either attempt to establish a new connection or contact the peer administrator.
2. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not an initialization offer
IKE maintains the current state for a communication in the form of security associations. No security association exists for the specified packet, and it is not an initial offer from the peer to establish one. This situation could indicate a denial-of-service attack.
Recommended Action: Contact the remote peer and the administrator of the remote peer.
3. %CRYPTO-4-PKT_REPLAY_ERR: [chars] connection id=[dec]
The replay processing has failed. The failed replay processing may be a temporary condition caused by the wait for new SAs to be established. In the inbound case, this error might also be caused by an actual replay attack. This activity can be considered a hostile event.
Recommended Action: If the problem appears to be more than a transient one, contact the peer administrator.
4. %LINEPROTO-5-UPDOWN: Line protocol on Interface [chars], changed state to [chars]
The data link level line protocol has changed state.
Recommended Action: No action is required