PORT_ACCESS Events

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-8214/Content/fir-int.htm

https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-8214.pdf

PORT_ACCESS Events

Base Rule

General PORT Message

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

Event ID

<vmid>

Number

Event ID 10501, 10502, 10503, 10504, 10505, 10506, 10507, 10508

Severity

<severity>

Text/String

For All: Information
For 10508: Error

Message

<subject>
<dmac>

Text/String

Event ID 10501:
Client was logged-off administratively through command-line interface

<subject>
<dport>

Text/String/Number

Event ID 10502:
The port is blocked by port-access daemon

<subject>
<dport>

Text/String/Number

Event ID 10503:
The port is unblocked by port-access daemon

<subject>
<dport>
<action>

Text/String/Number

Event ID 10504:
The authentication mode associated with the port is changed

<subject>
<dport>
<size>

Text/String/Number

Event ID 10505:
The client limit associated with the port is changed

<subject>
<objectname>
<object>

Text/String

Event ID 10506:
The name associated with a VLAN in use by port-access daemon changed

<subject>
<policy>

Text/String

Event ID 10507:
The policy configuration is updated by the user

<subject>
<dport>

Text/String/Number

Event ID 10508:
VLAN is configured as Trunk for some clients and access for others. This could potentially result in traffic loss