V 2.0 Internal MDM Event

V 2.0 Internal MDM Event

Base Rule

General MDM Information

Information

V 2.0 EVID 89050 Administrative Action Submitted

Sub Rule

General Administrative Operation

Information

V 2.0 EVID 89051 Administrative Action Delivered

Sub Rule

General Administrative Operation

Information

V 2.0 EVID 89052 Administrative Action Failed

Sub Rule

Action Failure

Error

V 2.0 EVID 89100 Device Enrollment Initiated

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89101 Device Enrollment Failed

Sub Rule

Device Initialization Failed

Critical

V 2.0 EVID 89102 Device Enrolled Successfully

Sub Rule

Successful Activity

Other Audit Success

V 2.0 EVID 89103 Device Deregistered

Sub Rule

Device Unregistered

Warning

V 2.0 EVID 89104 Device Service Initialized

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89105 Device Svc Initialization Fail

Sub Rule

General Failed Activity

Failed Activity

V 2.0 EVID 89106 Device Service Stopped

Sub Rule

Process/Service Stopped

Startup and Shutdown

V 2.0 EVID 89107 Unable To Send Notifications

Sub Rule

General Notification

Information

V 2.0 EVID 89108 APNS Certificate Expired

Sub Rule

Certificate Expired

Warning

V 2.0 EVID 89109 Endpoint Certificate Expire

Sub Rule

Certificate Expired

Warning

V 2.0 EVID 89110 Dev Check Not Auth. Expired Cert

Sub Rule

Certificate Expired

Warning

V 2.0 EVID 89111 Device Check Authorized

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89112 Certificate Renewed

Sub Rule

Certificate Renewal Request

Activity

V 2.0 EVID 89113 Inactive Device Detected

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89114 GeoLocation Coordinates Receive

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89115 Profile Installed

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89116 Profile Removed

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89117 Application Installed

Sub Rule

General Application Information

Information

V 2.0 EVID 89118 Application Removed

Sub Rule

General Application Information

Information

V 2.0 EVID 89119 Device Reassessment Failed

Sub Rule

General Failed Activity

Failed Activity

V 2.0 EVID 89132 Endpoint Cert Going To Expired

Sub Rule

General Endpoint Message

Information

V 2.0 EVID 89133 Endpoint Certificate Expired

Sub Rule

General Endpoint Message

Information

V 2.0 EVID 89142  Provisioning Operation Failed

Sub Rule

Provisioning Failed

Warning

V 2.0 EVID 89143 Device Updated

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89144 Certificate Renewal Failed

Sub Rule

General Failed Activity

Failed Activity

V 2.0 EVID 89149 Device Compliant

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89150 Device Not Compliant

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89151 Cert Issued Can Be Revoked

Sub Rule

Revoke Certificate Request

Activity

V 2.0 EVID 89152 Mob Dev Unenrollment Initiated

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89153 Cert Missing For Notifification

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89154 Invalid Token TO Apple VPP

Sub Rule

General Information Log Message

Information

V 2.0 EVID 89155 Access Failed To Apple VPP

Sub Rule

Access Object Failure

Access Failure

V 2.0 EVID 89156 CMCS Server Unreachable

Sub Rule

Destination Unreachable

Error

V 2.0 EVID 89157 CMCS Authentication Failure

Sub Rule

Authentication Failure Activity

Authentication Failure

V 2.0 EVID 89158 APNS Server Unreachable

Sub Rule

Destination Unreachable

Error

V 2.0 EVID 89159 APNS Authentication Failure

Sub Rule

Authentication Failure Activity

Authentication Failure

V 2.0 EVID 89160 MDM User Auth Completed

Sub Rule

Authentication Complete

Information

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

pri_num

N/A

N/A

Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value.
The facility code valid options are:
LOCAL0 (Code = 16)
LOCAL1 (Code = 17)
LOCAL2 (Code = 18)
LOCAL3 (Code = 19)
LOCAL4 (Code = 20)
LOCAL5 (Code = 21)
LOCAL6 (Code = 22; default)
LOCAL7 (Code = 23)

time

N/A

N/A

Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss.

IP address/hostname

N/A

N/A

IP address of the originating Cisco ISE node, or the hostname.

cat_name

<vendorinfo>

Text/String

Logging category name preceded by the CSCOxxx string.

msg_id

N/A

N/A

Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted.

total_seg

N/A

N/A

Total number of segments in a log message. Long messages are divided into more than one segment.
Note: The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings.

seg_num

N/A

N/A

Segment sequence number within a message. Use this number to determine what segment of the message you are viewing.

timestamp

N/A

N/A

Date of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format: 
YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm.

sequence_num

N/A

N/A

Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999.

msg_code

<vmid>
<tag1>

Number

Message code as defined in the logging categories.

msg_sev

<severity>

Text/String

Message severity level of a log message.

msg_class

<subject> 

Text/String

Message class, which identifies groups of messages with the same context.

msg_text

<action> 

Text/String

English language descriptive text message.

key1

N/A

N/A

N/A

key2

N/A

N/A

N/A