Cisco UPDOWN Message 1
Vendor Documentation
https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html |
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Header : Severity | <severity> | N/A |
| seq no | <processid> | N/A |
| hostname | <dname> | N/A |
| timestamp | N/A | N/A |
| facility | <vmid> <tag1> <vendorinfo> | N/A |
| severity | <tag2> <vendorinfo> | N/A |
| MNEMONIC | <vendorinfo> | N/A |
| description | <subject> <dinterface> <tag3> | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 93 | Cisco UPDOWN Message | Base Rule | General Operations | Other Operations |
| Interface Up | Sub Rule | Network Interface Changed State To Up | Information | |
| Interface Down | Sub Rule | Network Interface Changed State To Down | Error | |
| Protocol Up | Sub Rule | Network Protocol Changed State To Up | Information | |
| Protocol Down | Sub Rule | Network Protocol Changed State To Down | Error | |
| General Network State Changed | Sub Rule | General Network State Changed | Error | |
| Interface Up (Changed By Admin) | Sub Rule | Network Interface Changed State To Down | Error | |
| Protocol Up | Sub Rule | Network Protocol Changed State To Up | Information | |
| Protocol Down | Sub Rule | Network Protocol Changed State To Down | Error |
LogRhythm Default v2.0
N/A