IPSec Messages

Vendor Documentation

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| IPSec Messages | Base Rule | IPSec Connection Information | Information |
| VMID 37124 : Preshared Key Mismatch | Sub Rule | IKE Proposal Match Failure | Error |
| VMID 37127 : IPSec Phase 1 | Sub Rule | IKE Initiator: Phase 1 Negotiation | Activity |
| VMID 37129 : IPSec Phase 2 | Sub Rule | IKE Initiator: Phase 2 Negotiation | Activity |
| VMID 37134 : IPSec Phase 1 Delete | Sub Rule | IKE Initiator: Phase 1 Negotiation | Activity |
| VMID 37141 : IPSec Tunnel Statistics | Sub Rule | General TUNNEL Message | Information |
| VMID 37133 : IPSec SA Install | Sub Rule | General IKE Message | Information |
| VMID 37128 : IPSec Phase 2 | Sub Rule | IKE Terminated | Error |
| VMID 37122 : IPSec Phase 2 | Sub Rule | IKE Initiator: Phase 2 Negotiation | Activity |
| VMID 37204 : IPSec Tunnel Statistics | Sub Rule | General TUNNEL Message | Information |
| VMID 37135 : IPSec Phase 2 Delete | Sub Rule | IKE Initiator: Phase 2 Negotiation | Activity |
| VMID 37191 : IPSec Phase 1 | Sub Rule | IKE Initiator: Phase 1 Negotiation | Activity |
| VMID 37121 : IPSec Phase 1 Error | Sub Rule | Authentication Failure Activity | Authentication Failure |
| VMID 37130 : Failure | Sub Rule | IKE Proposal Match Failure | Error |
| VMID 37188 : Not Match Local Policy | Sub Rule | IKE Proposal Match Failure | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| level | <severity> | Text/String | N/A |
| logid | <vmid>, <tag1> | Number | It is a unique 10-digit identifier for that specific log. |
| remip | <sip> | IP Address | IP Address |
| locip | <dip> | IP Address | N/A |
| remport | <sport> | Number | N/A |
| locport | <dport> | Number | N/A |
| outintf | <dinterface> | Text/String | N/A |
| user | <login> | Text/String | N/A |
| vd | <domainorigin> | Text/String | N/A |
| action | <process> | Text/String | N/A |
| cookies | <object> | Text/String | N/A |
| vpntunnel | <subject> | Text/String | N/A |
| group | <group> | Text/String | N/A |
| status | <command> | Text/String | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| sentbyte | <bytesout> | Number | N/A |
| duration | <duration> | Number | N/A |