Breadcrumbs

BGP Events

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

BGP Events

Base Rule

General BGP Message

Information

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Event ID

<vmid>

Number

Event ID 2901, 2902, 2903, 2904, 2905, 2906, 2907, 2908, 2909, 2910, 2911, 2912, 2913, 2914, 2915, 2916, 2917, 2918, 2919, 2920

Severity

<severity>

Text/String

For All: Information
For 2919:  Critical

Message

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2901:
Logs the changes in BGP connection state.

 

<subject>
<dip>
<result>
<reason>
<object>

Text/String/IP Address

Event ID 2902:
Logs the failure in BGP connection state changes.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2903:
Trap when the number of received prefix reaches the maximum prefix value.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2904:
Trap when the number of received prefix reached the threshold value.

 

<subject>
<amount>
<object>

Text/String/Number

Event ID 2905:
Logs BGP enable event.

 

<subject>
<amount>
<object>

Text/String/Number

Event ID 2906:
Logs BGP disable event.

 

<subject>
<object>

Text/String

Event ID 2907:
Logs BGP router-id change.

 

<subject>
<dip>
<dname>
<object>

Text/String/IP Address

Event ID 2908:
Logs creation of BGP peer.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2909:
Logs BGP peer session reset event.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2910:
Logs BGP peer password change event.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2911:
Logs deletion of BGP peer.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2912:
Logs BGP peer admin disable event

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2913:
Logs BGP peer admin enable event.

 

<subject>
<dip>
<dname>
<object>

Text/String/IP Address

Event ID 2914:
Logs BGP peer remote-as change event.

 

<subject>
<dip>
<sname>
<object>

Text/String/IP Address

Event ID 2915:
BGP peer local-as change event.

 

<subject>
<dip>
<sip>
<object>

Text/String/IP Address

Event ID 2916:
Logs peer source address change event.

 

<subject>
<dip>
<sip>
<object>

Text/String/IP Address

Event ID 2917:
Logs configuration of peer remove-private-as.

 

<subject>
<dip>
<object>

Text/String/IP Address

Event ID 2918:
Logs peer identifier has been matched with local identifier.

 

<subject>
<size>
<object>

Text/String/Number

Event ID 2919:
Trap when the rib size reaches the threshold value.

 

<subject>
<group>
<dname>
<object>

Text/String

Event ID 2920:
Logs BGP peer-group remote-as configuration event.