IPSec Messages

IPSec Messages

Base Rule

IPSec Connection Information

Information

VMID 37124 : Preshared Key Mismatch

Sub Rule

IKE Proposal Match Failure

Error

VMID 37127 : IPSec Phase 1

Sub Rule

IKE Initiator: Phase 1 Negotiation

Activity

VMID 37129 : IPSec Phase 2

Sub Rule

IKE Initiator: Phase 2 Negotiation

Activity

VMID 37134 : IPSec Phase 1 Delete

Sub Rule

IKE Initiator: Phase 1 Negotiation

Activity

VMID 37141 : IPSec Tunnel Statistics

Sub Rule

General TUNNEL Message

Information

VMID 37133 : IPSec SA Install

Sub Rule

General IKE Message

Information

VMID 37128 : IPSec Phase 2

Sub Rule

IKE Terminated

Error

VMID 37122 : IPSec Phase 2

Sub Rule

IKE Initiator: Phase 2 Negotiation

Activity

VMID 37204 : IPSec Tunnel Statistics

Sub Rule

General TUNNEL Message

Information

VMID 37135 : IPSec Phase 2 Delete

Sub Rule

IKE Initiator: Phase 2 Negotiation

Activity

VMID 37191 : IPSec Phase 1

Sub Rule

IKE Initiator: Phase 1 Negotiation

Activity

VMID 37121 : IPSec Phase 1 Error

Sub Rule

Authentication Failure Activity

Authentication Failure

VMID 37130 : Failure

Sub Rule

IKE Proposal Match Failure

Error

VMID 37188 : Not Match Local Policy

Sub Rule

IKE Proposal Match Failure

Error

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

level

<severity>

Text/String

N/A

logid

<vmid>

<tag1>

Number

It is a unique 10-digit identifier for that specific log.

remip

<sip>

IP Address

IP Address

locip

<dip>

IP Address

N/A

remport

<sport>

Number

N/A

locport

<dport>

Number

N/A

outintf

<dinterface>

Text/String

N/A

user

<login>

Text/String

N/A

vd

<domainorigin>

Text/String

N/A

action

<process>

Text/String

N/A

cookies

<object>

Text/String

N/A

vpntunnel

<subject>

Text/String

N/A

group

<group>

Text/String

N/A

status

<command>

Text/String

N/A

rcvdbyte

<bytesin>

Number

N/A

sentbyte

<bytesout>

Number

N/A

duration

<duration>

Number

N/A