
AD-Connector Messages

Vendor Documentation

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

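| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| pri_num | N/A | N/A |
| time | N/A | N/A |
| IP address/hostname | N/A | N/A |
| cat_name | N/A | `<vendorinfo>` |
| msg_id | N/A | N/A |
| total_seg | N/A | N/A |
| seg_num | N/A | N/A |
| timestamp | N/A | N/A |
| sequence_num | N/A | N/A |
| msg_code | N/A | `<vmid>`, `<tag1>` |
| msg_sev | `<severity>` | `<severity>` |
| msg_class | `<process>` | `<subject>` |
| msg_text | `<status>` | `<action>` |
| ConfigVersionId | N/A | N/A |
| AD-Account-Name | `<account>` | |
| AD-Domain | `<domainorigin>` | `<domainorigin>` |
| AD-Domain-Controller | N/A | N/A |
| AD-Hostname | `<dname>` | N/A |
| AD-IP-Address | `<dip>` | `<sip>` |
| AD-Error-Details | `<reason>`, `<result>` | N/A |
| AD-Forest | N/A | N/A |
| AD-IP-Address-Black-Listed | N/A | N/A |
| AD-Log-Id | `<session>` | N/A |
| AD-Trusted-Domain | N/A | N/A |
| AD-Site | N/A | N/A |
| AD-Srv-Query | N/A | N/A |
| AD-Srv-Record | N/A | N/A |
| AD-Srv-Record | N/A | N/A |
| AD-Srv-Record | N/A | N/A |
| AD-Srv-Record | N/A | N/A |
| Key1 | N/A | N/A |
| Key2 | N/A | N/A |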

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1011231 | AD-Connector Messages | Base Rule | General Active Directory Information | Information |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1012598 | V 2.0 AD Connector Event | Base Rule | General Information Log Message | Information |
| | V 2.0 EVID 25000: ISE Server Pwd Update Success | Sub Rule | Performing Password Change | Information |
| | V 2.0 EVID 25001: ISE Server Pwd Update Failure | Sub Rule | Password Change Failed | Error |
| | V 2.0 EVID 25002: ISE Server TGT Refresh Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25003: Machine TGT Refresh Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25004: AD Connector Start | Sub Rule | Process/Service Started | Startup and Shutdown |
| | V 2.0 EVID 25005: AD Connector Stopped | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| | V 2.0 EVID 25006: AD Connector Restart | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| | V 2.0 EVID 25007: Join Point Connector Start | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| | V 2.0 EVID 25008: Join Point Connector Stop | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| | V 2.0 EVID 25009: Trusted Domain Discovery Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25010: Trusted Domain Discovery Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25011: Domain Join Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25012: Domain Join Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25013: Domain Leave Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25014: Domain Leave Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25015: DNS SRV Query Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25016: DNS SRV Query Failure | Sub Rule | DNS Query Failed | Error |
| | V 2.0 EVID 25017: DC Discovery Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25018: DC Discovery Failure | Sub Rule | Domain Controller Unreachable | Error |
| | V 2.0 EVID 25019: KDC Discovery Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25020: KDC Discovery Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25021: GC Discovery Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25022: GC Discovery Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25023: LDAP Connect To DC Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25024: LDAP Connect To DC Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25025: LDAP Connect To GC Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25026: LDAP Connect To GC Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25027: RPC Connect To DC Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25028: RPC Connect To DC Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25029: KDC Connect To DC Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25030: KDC Connect To DC Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25031: AD Provider Failed To Start | Sub Rule | Server Failed To Start | Error |
| | V 2.0 EVID 25032: Trusted Domain Discovered | Sub Rule | Domain Trust Information | Information |
| | V 2.0 EVID 25033: DNS A/AAAA Query Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25034: DNS A/AAAA Query Failure | Sub Rule | DNS Query Failed | Error |
| | V 2.0 EVID 25035: Writeable DC Discovery Success | Sub Rule | Successful Activity | Other Audit Success |
| | V 2.0 EVID 25036: Writeable DC Discovery Failure | Sub Rule | General Action Failure | Error |
| | V 2.0 EVID 25037: DC Record Cached | Sub Rule | Cache Information | Information |
| | V 2.0 EVID 25038: GC Record Cached | Sub Rule | Cache Information | Information |
| | V 2.0 EVID 25039: LDAP SASL Bind Failure | Sub Rule | SASLAUTHD Error | Error |
| | V 2.0 EVID 25040: RPC SC Establishment Failure | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25041: ISE Server Site Discovered | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25042: ISE Server Not Assigned To AD | Sub Rule | General Active Directory Warning | Warning |
| | V 2.0 EVID 25043: No DC Found In ISE Server Site | Sub Rule | Time Service Couldn't Find Domain Controller | Warning |
| | V 2.0 EVID 25044: Communication To Domain Failure | Sub Rule | Communications Failed | Error |
| | V 2.0 EVID 25045: Configured NameServer Down | Sub Rule | The Server Is Down | Information |
| | V 2.0 EVID 25046: Joined Domain Is Unavailable | Sub Rule | RADIUS Domain Unavailable | Error |
| | V 2.0 EVID 25047: Auth Domain Is Unavailable | Sub Rule | RADIUS Domain Unavailable | Error |
| | V 2.0 EVID 25048: AD Forest Is Unavailable | Sub Rule | General Active Directory Information | Information |
| | V 2.0 EVID 25049: Machine Account Not Found | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25050: Machine Account Deleted From AD | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25051: Machine Account Deletion Failed | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25052: Periodic Trusts Discovery Start | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25053: Detected Offline Forest | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25054: Trust Removed By Discovery | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25055: DC Added To Blacklist | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25056: DC Removed From Blacklist | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25057: No Privileges For ISE Mac Acc. | Sub Rule | Insufficient Privileges | Error |
| | V 2.0 EVID 25058: ISE Is Not Joined To AD DC | Sub Rule | General Active Directory Error | Error |
| | V 2.0 EVID 25100: Connecting To External REST ID | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25101: Successful Connect To Ext REST | Sub Rule | Connection Established | Network Traffic |
| | V 2.0 EVID 25102: Connection To Ext REST DB Fail | Sub Rule | General Database Error | Error |
| | V 2.0 EVID 25103: Plain Text Pwd Auth In Ext REST | Sub Rule | General Authentication Information | Information |
| | V 2.0 EVID 25104: Plain Text Pwd Auth Success | Sub Rule | Authentication Activity | Authentication Success |
| | V 2.0 EVID 25105: Plain Text Pwd Auth Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| | V 2.0 EVID 25106: REST Indicated Pwd Auth Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| | V 2.0 EVID 25107: REST ID Store Server Respond | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25108: No User Groups Included To REST | Sub Rule | General Information Log Message | Information |
| | V 2.0 EVID 25109: ISE Starts Set User Groups | Sub Rule | Cache Information | Information |
| | V 2.0 EVID 25110: User Grp Insert To Session Cache | Sub Rule | Cache Information | Information |
| | V 2.0 EVID 25111: Failed To Set User Groups | Sub Rule | Cache Information | Information |
| | V 2.0 EVID 25112: REST DB Indicated Pwd Auth Fail | Sub Rule | Authentication Failure Activity | Authentication Failure |
| | V 2.0 EVID 25113: Skipping AD Authentication | Sub Rule | General Active Directory Warning | Warning |
| | V 2.0 EVID 25114: Low Bad Password For AD Instance | Sub Rule | General Active Directory Error | Error |
| | V 2.0 EVID 25115: Fail To Fetch User Attr From AD | Sub Rule | General Active Directory Error | Error |
| | V 2.0 EVID 25116: No Bad Pwd Count Attribute In AD | Sub Rule | General Active Directory Error | Error |
| | V 2.0 EVID 25117: AD Is Part Of ID Sequence | Sub Rule | General Active Directory Warning | Warning |