Skip to main content
Skip table of contents

LSO : Syslog - Cisco ISE (Mapping Doc)

This document explains the changes required to apply new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project for the Syslog - Cisco ISE log source type. 

Vendor Documentation


Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

Log Message TypeEvent Type
Accounting MessagesAccounting Request Received
AD-Connector MessagesGeneral Active Directory Information
Administrative And Operational AuditGeneral Audit
Advanced License ProblemsLicense Error
Alarm InformationAlarm Event
Anomalous Behavior DetectedSuspicious Activity
Catch All : Level 1General Information
Catch All : Level 2 - Passed AuthenticationsAuthentication Activity
Catch All : Level 3 - CISE_ProfilerSuspicious Activity
Catch All : Level 3 - Passed AuthenticationsAuthentication Activity
Catch All : Passed AuthenticationsAuthentication Activity
Certificate And Authentication MessagesCertificate Revocation List Download Failure
Cisco Access SuccessGeneral Access
Cisco AuthTypeGeneral Authentication Information
Cisco UPDOWN MessageGeneral Operations
CISE Failed Attempts Format 2Connection Attempt
CISE Posture And Client Provisioning  AuditGeneral Auditing Message
CISE_Authentication_Flow_DiagnosticsDiagnostic Information
CISE_Posture_and_Client_Provisioning_Audit - 2General Policy Compliance Information
Data Purge AuditDatabase Maintenance
Data Purging OperationsDatabase Maintenance
Devices Successfully RegisteredDevice Registered
DOT1X FAILGeneral Operations
EAP Authentication InformationAuthentication Activity
EAP Connection TimeoutConnection Timeout
EPM POLICYGeneral Operations
Failed AttemptsGeneral Action Failure
Failed Attempts AccessReject MessageAuthentication Failure Activity
Failed Attempts Deny Access MessageAuthentication Failure Activity
Failed Attempts Format: 1General Action Failure
Failed Attempts IPSECGeneral Action Failure
Guest MessageGeneral POLICY Information
High Load AverageOverload On Total
Identity Stores DiagnosticsDiagnostic Information
Last Message RepeatedLast Message Repeated
Log Session MessagesGeneral Information-Only Event
MDM Server Connection FailureServer Not Responding
Messages Not ReceivedMessage Not Located
Misc MessagesGeneral Information Log Message
Monitoring Data Purge AuditService Monitoring
Passed Authentication Group InformationGroup Membership Information
Passed AuthenticationsAuthentication Activity
Posture CheckGeneral Policy Compliance Information
RADIUS AccountingAccounting Request
Radius Accounting Start-Stop RequestNetwork Session Created
RADIUS Authentication Request DroppedAuthentication Failure Activity
Radius Authorization Policy MessagesRADIUS Access-Reject Received
RADIUS DiagnosticsGeneral RADIUS Message
SSL ErrorGeneral SSL Error
System StatisticsPerformance Statistics
TACACS DiagnosticsGeneral TACACS Message
TACACS+ AccountingGeneral TACACS Message
TIME SHIFT DETECTEDSystem Time Information

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports, system investigations, system report templates, and system tails as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.