BGP Events

Vendor Documentation

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

Classification

Rule Name	Rule Type	Common Event	Classification
BGP Events	Base Rule	General BGP Message	Information

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
Event ID	<vmid>	Number	Event ID 2901, 2902, 2903, 2904, 2905, 2906, 2907, 2908, 2909, 2910, 2911, 2912, 2913, 2914, 2915, 2916, 2917, 2918, 2919, 2920
Severity	<severity>	Text/String	For All: Information For 2919: Critical
Message	<subject> <dip> <object>	Text/String/IP Address	Event ID 2901: Logs the changes in BGP connection state.
	<subject> <dip> <result> <reason> <object>	Text/String/IP Address	Event ID 2902: Logs the failure in BGP connection state changes.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2903: Trap when the number of received prefix reaches the maximum prefix value.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2904: Trap when the number of received prefix reached the threshold value.
	<subject> <amount> <object>	Text/String/Number	Event ID 2905: Logs BGP enable event.
	<subject> <amount> <object>	Text/String/Number	Event ID 2906: Logs BGP disable event.
	<subject> <object>	Text/String	Event ID 2907: Logs BGP router-id change.
	<subject> <dip> <dname> <object>	Text/String/IP Address	Event ID 2908: Logs creation of BGP peer.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2909: Logs BGP peer session reset event.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2910: Logs BGP peer password change event.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2911: Logs deletion of BGP peer.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2912: Logs BGP peer admin disable event
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2913: Logs BGP peer admin enable event.
	<subject> <dip> <dname> <object>	Text/String/IP Address	Event ID 2914: Logs BGP peer remote-as change event.
	<subject> <dip> <sname> <object>	Text/String/IP Address	Event ID 2915: BGP peer local-as change event.
	<subject> <dip> <sip> <object>	Text/String/IP Address	Event ID 2916: Logs peer source address change event.
	<subject> <dip> <sip> <object>	Text/String/IP Address	Event ID 2917: Logs configuration of peer remove-private-as.
	<subject> <dip> <object>	Text/String/IP Address	Event ID 2918: Logs peer identifier has been matched with local identifier.
	<subject> <size> <object>	Text/String/Number	Event ID 2919: Trap when the rib size reaches the threshold value.
	<subject> <group> <dname> <object>	Text/String	Event ID 2920: Logs BGP peer-group remote-as configuration event.