PIM Events

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

PIM Events

Base Rule

General PIM Information

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Event ID

<vmid>

Number

Event ID 5101, 5102, 5103, 5104, 5105, 5106, 5107, 5108, 5109, 5110, 5111, 5112, 5113, 5114, 5115, 5116, 5117, 5118, 5119, 5120, 5121, 5122, 5123, 5124, 5125, 5126

Severity

<severity>

Text/String

For All: Information
For 5110, 5111:  Warning
For 5112, 5115, 5116,5117, 5118: Error

Message

<subject>
<objecttype>
<dinterface>

Text/String

Event ID 5101:
Send error packet

<subject>
<dip>
<dinterface>

Text/String/IP Address

Event ID 5102:
Pim IP config

<subject>
<dip>
<dinterface>
<result>
<object>

Text/String/IP Address

Event ID 5103:
Packet dropped

<subject>
<dip>
<objecttype>

Text/String/IP Address

Event ID 5104:
Received packet from router

<subject>
<dip>
<sip>
<status>
<sport>
<objecttype>
<object>

Text/String/IP Address/Number

Event ID 5105:
Failed to add flow

<subject>
<dip>
<sip>
<status>
<sport>
<objecttype>
<object>

Text/String/IP Address/Number

Event ID 5106:
Failed to remove flow for Hardware

<subject>
<sname>
<dinterface>
<group>

Text/String

Event ID 5107:
Failed to program mroute as the limits are reached

<subject>
<sname>
<dinterface>
<group>

Text/String

Event ID 5108:
Failed to program mroute as the sources per group limit is reached

<subject>
<version>
<dinterface>
<status>

Text/String

Event ID 5109:
PIM DR election log

<subject>
<dport>
<result>
<reason>
<objecttype>

Text/String/Number

Event ID 5110:
Multicast socket creation error

<subject>
<result>

Text/String

Event ID 5111:
DB Operation failed

<subject>
<object>

Text/String

Event ID 5112:
Elected BSR

<subject>
<object>

Text/String

Event ID 5113:
Elected BSR removed

<subject>
<dip>
<dinterface>
<result>
<status>

Text/String/IP Address

Event ID 5114:
Configured candidate BSR

<subject>
<sip>
<dinterface>
<action>

Text/String/IP Address

Event ID 5115:
Neighbor status

<subject>
<dinterface>
<reason>

Text/String

Event ID 5116:
Packet drop

<subject>
<version>
<dinterface>
<status>

Text/String

Event ID 5117:
Interface operational status

<subject>
<version>
<dinterface>
<action>
<status>

Text/String

Event ID 5118:
Interface PIM mode

<subject>
<version>
<action>
<object>

Text/String

Event ID 5119:
Router pim configuration status

<subject>
<dip>
<action>
<object>

Text/String/IP Address

Event ID 5120:
Learnt or removed candidate RP

<subject>
<size>

Text/String/Number

Event ID 5121:
Software Packet Queue reaches threshold

<subject>
<version>
<dinterface>
<status>

Text/String

Event ID 5122:
PIM VSX DR Election log

<subject>
<status>

Text/String

Event ID 5123:
VSX ISL Status update log

<subject>
<sip>
<dinterface>

Text/String/IP Address

Event ID 5124:
Configured candidate RP

<subject>
<sip>
<dinterface>

Text/String/IP Address

Event ID 5125:
BFD Session created

<subject>
<sip>
<dinterface>

Text/String/IP Address

Event ID 5126:
BFD Session deleted