Skip to main content
Skip table of contents

Guest Message

Vendor Documentation

https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log FieldLogRhythm DefaultLogRhythm Default v2.0
pri_numN/AN/A
timeN/AN/A
IP address/hostnameN/AN/A
cat_nameN/A<vendorinfo>
msg_idN/AN/A
total_segN/AN/A
seg_numN/AN/A
timestampN/AN/A
sequence_numN/AN/A
msg_codeN/A<vmid>
<tag1>
msg_sevN/A<severity>
msg_class<process><subject> 
msg_text<status>
<tag1>		<action> 
ConfigVersionId<version>N/A
UserType<objecttype>N/A
UserName<login><account>
FirstnameN/AN/A
LastnameN/AN/A
PhoneNumberN/AN/A
MacAddress<smac><smac>
IpAddress<sip><sip>
AuthenticationIdentityStoreN/AN/A
PortalNameN/AN/A
SponsorUserN/AN/A
IdentityGroupN/AN/A
PsnHostNameN/AN/A
GuestUserN/AN/A
GuestUserNameN/AN/A
GuestFirstnameN/AN/A
GuestLastnameN/AN/A
GuestEmailAddressN/AN/A
GuestAuthenticationIdentityStoreN/AN/A
GuestTypeN/AN/A
GuestValidDaysN/AN/A
GuestLocationN/AN/A
GuestStatusN/AN/A
EPMacAddress<dmac>N/A
NADAddress<dip>N/A
ResponseTimeN/AN/A
AuditSessionId<session>N/A
ETSN/AN/A
Key1N/AN/A
Key2N/AN/A

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex ID

Rule Name

Rule Type

Common Event

Classification

1010154Guest MessageBase RuleGeneral POLICY InformationInformation

LogRhythm Default v2.0

Regex IDRule NameRule TypeCommon EventClassification
1012622V 2.0 Guest EventBase RuleGeneral Information Log MessageInformation
V 2.0 EVID 86001 Guest User Logged InSub RuleUser LogonAuthentication Success
V 2.0 EVID 86002 Guest Account SuspendedSub RuleAccess Revoked ActivityAccess Revoked
V 2.0 EVID 86003 Guest Account EnabledSub RuleAccount EnabledAccess Granted
V 2.0 EVID 86004 Password Changed By Guest UserSub RulePassword ModifiedAccount Modified
V 2.0 EVID 86005 Policy Accepted By Guest UserSub RulePolicy Created User/PasswordPolicy
V 2.0 EVID 86006 Guest Account CreatedSub RuleUser Account CreatedAccount Created
V 2.0 EVID 86007 Guest Account UpdatedSub RuleUser Account Attribute ModifiedAccount Modified
V 2.0 EVID 86008 Guest Account DeletedSub RuleUser Account DeletedAccount Deleted
V 2.0 EVID 86009 Guest Account Not FoundSub RuleUser Not FoundError
V 2.0 EVID 86010 Guest User Auth FailureSub RuleUser Logon FailureAuthentication Failure
V 2.0 EVID 86011 Guest User Not EnabledSub RuleUser Logon Failure Account DisabledAuthentication Failure
V 2.0 EVID 86012 Access Policy Declined By GuestSub RulePolicy Disabled User/PasswordPolicy
V 2.0 EVID 86013 Portal Not FoundSub RuleDefault Address Not FoundError
V 2.0 EVID 86014 User Account SuspendedSub RuleAccess Revoked ActivityAccess Revoked
V 2.0 EVID 86015 Invalid Password ChangeSub RulePassword ModifiedAccount Modified
V 2.0 EVID 86016 Guest Timout ExceededSub RuleUser Disconnected Due To Time OutInformation
V 2.0 EVID 86017 SessionID MissingSub RuleSession Could Not Be EstablishedWarning
V 2.0 EVID 86018 Guest CoA FailedSub RuleAuthorization FailedWarning
V 2.0 EVID 86019 Guest User RestrictedSub RuleAccess Revoked ActivityAccess Revoked
V 2.0 EVID 86020 Guest Unknown ErrorSub RuleUnknown ErrorError
V 2.0 EVID 86021 Entering Device Reg Web AuthSub RuleDevice RegisteredInformation
V 2.0 EVID 86022 Device Reg Web Auth AUP AcceptSub RuleDevice RegisteredOther Audit Success
V 2.0 EVID 86023 Device Re Web Auth AUP DeclinedSub RulePolicy Disabled DomainPolicy
V 2.0 EVID 86024 Dev Reg WAP EP Creation PassedSub RuleDevice RegisteredOther Audit Success
V 2.0 EVID 86025 Dev Reg WAP EP Creation FailedSub RuleCommunication Endpoint Creation FailureError
V 2.0 EVID 86026 Dev Reg WAP CoA Termination FailSub RuleProcess Termination FailedError
V 2.0 EVID 86027 Dev Reg WAP Send CoA TerminationSub RuleRegistrationInformation
V 2.0 EVID 86028 CoA Termination SuccessSub RuleUser Session TerminatedInformation
V 2.0 EVID 86029 CoA Termination FailedSub RuleProcess Termination FailedError
V 2.0 EVID 86030 Policy Accepted By Sponsor UserSub RuleUser Account CreatedAccount Created
V 2.0 EVID 86031 Policy Declined By Sponsor UserSub RulePolicy Disabled User/PasswordPolicy
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close