Device Details
| Device Name | Cisco ISE |
| Vendor | Cisco |
| Device Type | Identity and Access Control Policy Platform |
| Supported Model Name/Number | N/A |
| Supported Software Version | N/A |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - Cisco ISE |
| Log Processing Policy | LogRhythm Default V 2.0 |
| Exceptions | N/A |
| Additional Information | https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html |

Supported Log Messages
(List of LR tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V 2.0 ACI Binding Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 AD Connector Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <domainorigin>, <sip> |
| V 2.0 Admin And Operational Audit Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <version>, <status>, <sip>, <session>, <login>, <domainorigin>, <reason>, <objecttype>, <object>, <result>, <sport>, <sname>, <url>, <account> |
| V 2.0 Admin Authentication And Authorization Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 Authentication Flow Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <dip>, <account>, <session>, <result>, <status> |
| V 2.0 Distributed Management Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 External MDM Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <account>, <reason>, <dmac>, <status>, <session> |
| V 2.0 Failed Attempts Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sip>, <sport>, <dip>, <dport>, <account>, <protnum>, <protname>, <status>, <session>, <reason>, <smac>, <dmac>, <snatip>, <dnatip> |
| V 2.0 Guest Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <account>, <smac>, <sip> |
| V 2.0 Identity Stores Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <domainorigin>, <login>, <session>, <result> |
| V 2.0 Internal MDM Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 Internal Operations Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <version>, <result> |
| V 2.0 Licensing Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 MDM Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 My Devices Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <login>, <smac>, <sip>, <group>, <sname>, <status>, <session> |
| V 2.0 Passed Authentications Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sip>, <dip>, <dport>, <dnatip>, <login>, <sender>, <smac>, <command>, <protname>, <status>, <session>, <group>, <reason>, <sname>, <snatip>, <snatport>, <dmac>, <version> |
| V 2.0 Passive ID Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sname>, <sip>, <domainorigin>, <result> |
| V 2.0 Policy Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <login>, <protname>, <session>, <policy>, <group>, <result> |
| V 2.0 Posture & Client Provisioning Diagnostic Evt | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 Posture And Client Provisioning Audit Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <reason>, <dmac>, <url>, <account>, <session>, <dip> |
| V 2.0 Profiler Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sip>, <smac>, <policy>, <dport>, <dip>, <result>, <account>, <status> |
| V 2.0 RADIUS Accounting Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <version>, <sip>, <sname>, <domainimpacted>, <account>, <snatip>, <snatport>, <objecttype>, <dip>, <object>, <dmac>, <smac>, <status>, <bytesin>, <bytesout>, <session>, <packetsin>, <packetsout> |
| V 2.0 RADIUS Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sip>, <sport>, <dip>, <dport>, <domainimpacted>, <account>, <dnatip>, <status>, <session> |
| V 2.0 System Statistics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |
| V 2.0 TACACS Accounting Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sip>, <command>, <objecttype>, <account>, <dip>, <object>, <status> |
| V 2.0 TACACS Diagnostics Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action>, <sip>, <sport>, <objecttype>, <session>, <object>, <account>, <dport>, <dip>, <result>, <reason>, <status> |
| V 2.0 Threat Centric NAC Event | N/A | <vendorinfo>, <vmid>, <tag1>, <severity>, <subject>, <action> |

Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.664.0 | Syslog - Cisco ISE | New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 | Optimized new log processing policy for Syslog - Cisco ISE |