MGMD Events | LogRhythm Documentation

Vendor Documentation

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

Classification

Rule Name	Rule Type	Common Event	Classification
MGMD Events	Base Rule	General Information Log Message	Information

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
Event ID	<vmid>	Number	Event ID 2601, 2602, 2603, 2604, 2605, 2606, 2607, 2608, 2609, 2610, 2611, 2612, 2613, 2614, 2615, 2616, 2617, 2618, 2619, 2620, 2621, 2622
Severity	<severity>	Text/String	For All: Information For 2601, 2603: Fatal For 2608: Warning For 2614, 2615: Error
Message	<subject> <objecttype> <object>	Text/String	Event ID 2601: This log event informs packet allocation failed in MGMD subsystem.
	<subject> <sip>	Text/String/IP Address	Event ID 2602: This log event used to log IGMP warning when IGMPv1 query is received.
	<subject> <size> <object>	Text/String/Number	Event ID 2603: This log event informs the user that MGMD could not allocate memory.
	<subject> <objecttype> <dinterface>	Text/String	Event ID 2604: This log event informs the user that IGMP/MLD detected other querier.
	<subject> <objecttype> <dinterface> <dip>	Text/String/IP Address	Event ID 2605: This log event informs the user that IGMP/MLD has started querier election on interface.
	<subject> <objecttype> <dinterface>	Text/String	Event ID 2606: This log event informs the user that IGMP/MLD ended querier role on interface.
	<subject> <objecttype> <dinterface> <dip>	Text/String/IP Address	Event ID 2607: This log event informs the user that MGMD started querier role on interface.
	<subject> <objecttype> <dport> <sip>	Text/String/Number/IP Address	Event ID 2608: This log event informs the user that MGMD received packet on invalid port.
	<subject> <sip>	Text/String/IP Address	Event ID 2609: This log event used to log IGMP warning when configured mode is IGMPv3 and IGMPv1 query is received.
	<subject> <sip>	Text/String/IP Address	Event ID 2610: This log event used to log IGMP warning when configured mode is IGMPv3 and IGMPv2 query is received.
	<subject> <objecttype> <status> <object>	Text/String	Event ID 2611: This log event informs the user that IGMP/MLD status on VLAN.
	<subject> <objecttype> <status> <dinterface>	Text/String	Event ID 2612: This log event informs the user the IGMP/MLD status on the Interface.
	<subject> <objecttype> <status> <dport> <object>	Text/String/Number	Event ID 2613: This log event informs the user that the port mode has changed.
	<subject> <objecttype> <object>	Text/String	Event ID 2614: This log event informs the user that the IGMP/MLD is disabled on a VLAN due to internal errors.
	<subject> <objecttype> <dport>	Text/String/Number	Event ID 2615: This log event informs the user that the IGMP/MLD is disabled on a L3 interface due to internal errors.
	<subject>	Text/String	Event ID 2616: This log event informs the user that MGMD resource utilization has exceeded the supported limits
	<subject>	Text/String	Event ID 2617: This log event informs the user that MGMD resource utilization has reached 90 percent of the supported limits
	<subject> <objecttype> <status> <object>	Text/String	Event ID 2618: This log event informs the user that whether IGMP/MLD snooping is operational.
	<subject> <sip>	Text/String/IP Address	Event ID 2619: This log event used to log IGMP warning when IGMPv2 query is received.
	<subject> <sip>	Text/String/IP Address	Event ID 2620: This log event used to log MLD warning when configured mode is MLDV2 and MLDV1 query is received.
	<subject> <sip>	Text/String/IP Address	Event ID 2621: This log event used to log MLD warning when configured mode is MLDv2 and MLDv1 query is received.
	<subject> <status> <dport> <object>	Text/String/Number	Event ID 2622: This log event used to log if ERPS Ring state changed to idle or protection.