IP Source Lockdown Events

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

IP Source Lockdown Events

Base Rule

General Information Log Message

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Event ID

<vmid>

Number

Event ID 9801, 9802, 9803, 9804, 9805, 9806, 9807

Severity

<severity>

Text/String

For All: Information
For 9801:  Warning
For 9802:  Critical

Message

<subject>

Text/String

Event ID 9801:
This log event informs the user that IP_SOURCE_LOCKDOWN resource utilization has reached 80 percent of the supported limits

<subject>

Text/String

Event ID 9802:
This log event informs the user that IP_SOURCE_LOCKDOWN resource utilization has
exceeded the supported limits

<subject>

Text/String

Event ID 9803:
This log event informs the user that IP_SOURCE_LOCKDOWN resource utilization has
reduced below 80 percent of the supported limits

<subject>
<dinterface>

Text/String

Event ID 9804:
Log event when IPV4_SOURCE_LOCKDOWN is enabled on an interface

<subject>
<dinterface>

Text/String

Event ID 9805:
Log event when IPV4_SOURCE_LOCKDOWN is disabled on an interface

<subject>
<dinterface>

Text/String

Event ID 9806:
Log event when IPV6_SOURCE_LOCKDOWN is enabled on an interface

<subject>
<dinterface>

Text/String

Event ID 9807:
Log event when IPV6_SOURCE_LOCKDOWN is disabled on an interface