V 2.0 Internal Operations Diagnostics Event

Vendor Documentation

https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html

Classification

Rule Name	Rule Type	Common Event	Classification
V 2.0 Internal Operations Diagnostics Event	Base Rule	Diagnostic Information	Information
V 2.0 EVID 30000 Unknown Fatal Error	Sub Rule	Unknown Error	Error
V 2.0 EVID 31000 Notif Dispatcher Not Initialize	Sub Rule	Configuration Notification Message Error	Error
V 2.0 EVID 31001 Configuration Message Not Send	Sub Rule	Configuration Notification Message Error	Error
V 2.0 EVID 31100 Configuration Changes Initiated	Sub Rule	Configuration Information	Information
V 2.0 EVID 31101 Configuration Changes Succeeded	Sub Rule	Configuration Changed	Error
V 2.0 EVID 31102 Configuration Changes Failed	Sub Rule	Configuration Changes Failed	Critical
V 2.0 EVID 31103 Start Up Configuration Success	Sub Rule	Configuration Successful	Information
V 2.0 EVID 31104 Start Up Configuration Failed	Sub Rule	Configuration Load Failure	Error
V 2.0 EVID 31105 Transaction Ignore	Sub Rule	Transaction Ignored	Warning
V 2.0 EVID 31106 Config Mgmt Could Not Translate	Sub Rule	Configuration Management Function Failure	Error
V 2.0 EVID 31107 Cold Config Restart Success	Sub Rule	Successful Activity	Other Audit Success
V 2.0 EVID 31108 Cold Config Restart Failed	Sub Rule	Configuration Restart Failed	Error
V 2.0 EVID 31109 Warm Config Restart Success	Sub Rule	Successful Activity	Other Audit Success
V 2.0 EVID 31110 Warm Config Restart Failed	Sub Rule	Configuration Restart Failed	Error
V 2.0 EVID 31111 Runtime Notification Out Of Sync	Sub Rule	Runtime Notifications Are Out Of Sync	Warning
V 2.0 EVID 31200 Encountered Invalid/Null Log Rec	Sub Rule	Invalid Option Encountered	Error
V 2.0 EVID 31201 Encountered Invalid/Null System	Sub Rule	Invalid Option Encountered	Error
V 2.0 EVID 31202 Encountered Invalid/Null User	Sub Rule	Invalid Option Encountered	Error
V 2.0 EVID 31203 Encountered Err For Succ. Login	Sub Rule	LOGIN Error	Error
V 2.0 EVID 31204 Encountered Err For Failed Login	Sub Rule	LOGIN Error	Error
V 2.0 EVID 31205 Encountered Error For Logout	Sub Rule	General Information Log Message	Information
V 2.0 EVID 31206 Encountered Error For Failover	Sub Rule	Failover	Error
V 2.0 EVID 31207 Encountered Err For Sess Timeout	Sub Rule	Session Timeout	Warning
V 2.0 EVID 31500 Management Start	Sub Rule	General Information Log Message	Information
V 2.0 EVID 31501 Management Stop	Sub Rule	General Information Log Message	Information
V 2.0 EVID 31502 Start Runtime	Sub Rule	General Information Log Message	Information
V 2.0 EVID 31503 Stop Runtime	Sub Rule	General Information Log Message	Information
V 2.0 EVID 31504 Cryptographic Mod Not Initializ	Sub Rule	Cryptographic Module Initialization Failure	Critical
V 2.0 EVID 32000 Logging Component Started	Sub Rule	General Logging Information	Information
V 2.0 EVID 32001 Logging Component Shut Down	Sub Rule	General Logging Information	Information
V 2.0 EVID 32002 Default Configuration Startup	Sub Rule	Configuration Information	Information
V 2.0 EVID 32005 Could Not Log Message To Logger	Sub Rule	General Warning Log Message	Warning
V 2.0 EVID 32006 Could Not Log Message To Crit	Sub Rule	General Warning Log Message	Warning
V 2.0 EVID 32008 Logging Component Config Change	Sub Rule	General Logging Information	Information
V 2.0 EVID 32012 Could Not Write To Local Storage	Sub Rule	Cannot Write To File	Error
V 2.0 EVID 32013 Not Create Local Storage File	Sub Rule	The File Can Not Be Created	Warning
V 2.0 EVID 32014 Not Delete Loc Storage CSV File	Sub Rule	Unable To Delete File	Error
V 2.0 EVID 32015 Local File Deleted	Sub Rule	File Deleted	Information
V 2.0 EVID 32016 Low Disk Space Limit	Sub Rule	System Memory Low	Warning
V 2.0 EVID 32017 UDP Socket Not Open	Sub Rule	Open UDP Socket Error	Error
V 2.0 EVID 32018 Data Not Send On Socket	Sub Rule	General Information Log Message	Information
V 2.0 EVID 32025 Rolled Over Local Storage File	Sub Rule	File Rolled Over	Other Audit Success
V 2.0 EVID 32026 Could Not Roll Over Loc Storage	Sub Rule	File Rolled Over	Other Audit Success
V 2.0 EVID 33101 New ISE Config Session Created	Sub Rule	Configuration Information	Information
V 2.0 EVID 33102 Successful User Login ISE	Sub Rule	Configuration Success	Other Audit Success
V 2.0 EVID 33103 Failed User Login ISE	Sub Rule	Failed Configuration	Other Audit Failure
V 2.0 EVID 33104 Closed ISE Configuration Session	Sub Rule	Configuration Session Closed	Information
V 2.0 EVID 33105 Set Debug Log Level	Sub Rule	General Debug Message	Information
V 2.0 EVID 33106 Set Default Debug Log Level	Sub Rule	General Debug Message	Information
V 2.0 EVID 33107 Show Debug Log Status	Sub Rule	Show Debugging Log Status	Information
V 2.0 EVID 33108 Reset Admin Password	Sub Rule	Performing Password Change	Information
V 2.0 EVID 33201 Operation Failure	Sub Rule	AD Operation Failure	Error
V 2.0 EVID 33202 Operation Success	Sub Rule	AD Operation Success	Information
V 2.0 EVID 33203 Hit Count Reset	Sub Rule	General Information Log Message	Information
V 2.0 EVID 33204 Hit Count Recollect	Sub Rule	Hit Count Recollect	Information
V 2.0 EVID 33205 General PI Error	Sub Rule	General PI Error	Error
V 2.0 EVID 33206 AD Operation Information	Sub Rule	AD Operation Information	Information
V 2.0 EVID 33207 AD Operation Warning	Sub Rule	AD Operation Warning	Warning
V 2.0 EVID 33208 Test Connection Against AD	Sub Rule	General Active Directory Information	Information
V 2.0 EVID 33209 Test Connection Against LDAP	Sub Rule	Performing LDAP Connectivity Tests	Information
V 2.0 EVID 33210 LDAP Traffic Info	Sub Rule	General LDAP Message	Information
V 2.0 EVID 33211 Self Signed Certificate For Mgmt	Sub Rule	General Information Log Message	Information
V 2.0 EVID 33212 ISE Could Not Load Certificate	Sub Rule	Certificate Load Failure	Error
V 2.0 EVID 33300 General GUI Error	Sub Rule	General GUI Error	Error
V 2.0 EVID 32500 General Database Error	Sub Rule	General Database Error	Error
V 2.0 EVID 32600 Connected Message Bus	Sub Rule	Connected Message Bus	Information
V 2.0 EVID 32601 Message Bus Not Started	Sub Rule	Message Bus Not Started	Error
V 2.0 EVID 32602 Retrying Message	Sub Rule	Retrying Message Bus Connection	Information
V 2.0 EVID 32603 Connection Dropped	Sub Rule	Connection Dropped	Warning
V 2.0 EVID 32604 Unknown Bus Error	Sub Rule	Unknown Bus Error	Error
V 2.0 EVID 32605 Unknown Attribute	Sub Rule	Unknown Attribute	Error
V 2.0 EVID 32606 Dropped Unknown Message	Sub Rule	Unknown Message Type Dropped	Error
V 2.0 EVID 32607 Missing Attribute	Sub Rule	Missing Attribute	Warning
V 2.0 EVID 32700 Failover Mode Caused By Int Err	Sub Rule	Failover Due To Internal Error	Critical
V 2.0 EVID 33400 Certificate Revocation List Add	Sub Rule	Certificate Revocation List Added	Information
V 2.0 EVID 33450 Request To Clear OCSP Cache	Sub Rule	Cache Information	Information
V 2.0 EVID 33451 Successfully Clear OCSP Cache	Sub Rule	Cache Information	Information
V 2.0 EVID 33452 Failed To Clear OCSP Cache	Sub Rule	Cache Information	Information
V 2.0 EVID 33500 EAP-TLS Not Initialize	Sub Rule	General EAPOL Error	Error
V 2.0 EVID 33501 EAP-FAST Not Initialize	Sub Rule	General EAPOL Error	Error
V 2.0 EVID 33502 PEAP Not Initialize	Sub Rule	Initialization Error	Error
V 2.0 EVID 33503 Blank CTL Configured For EAP-TL	Sub Rule	General Configuration Error	Error
V 2.0 EVID 33504 CTL Initialization Failed	Sub Rule	Initialization Failed	Error
V 2.0 EVID 33505 EAP-TLS Svr-Cert Not Initialize	Sub Rule	Initialization Error	Error
V 2.0 EVID 33506 EAP-FAST Svr-Cert Not Initialize	Sub Rule	Initialization Error	Error
V 2.0 EVID 33507 PEAP Server-Cert Not Initialize	Sub Rule	Initialization Error	Error
V 2.0 EVID 33508 EAP-TLS Svr-Cert Chain Not Init	Sub Rule	Initialization Error	Error
V 2.0 EVID 33509 PEAP Failed	Sub Rule	Initialization Failed	Error
V 2.0 EVID 33510 EAP-FAST Svr-Cert Chain Not Init	Sub Rule	Failed To Initialize Service	Error
V 2.0 EVID 34000 Appending Transaction	Sub Rule	Appending Transaction	Information
V 2.0 EVID 34001 Dispatching Transaction	Sub Rule	Dispatching Transaction	Information
V 2.0 EVID 34002 Received Transaction	Sub Rule	Transaction Received	Information
V 2.0 EVID 34003 Applied Transaction	Sub Rule	Applied Transaction	Information
V 2.0 EVID 34005 Cache Sync Failed	Sub Rule	Cache Information	Information
V 2.0 EVID 34050 RT Control Port Up	Sub Rule	Control Port Up	Information
V 2.0 EVID 34051 RT Control Port Blocked	Sub Rule	Control Port Blocked	Error
V 2.0 EVID 34110 Error Processing	Sub Rule	Processing Notification	Information
V 2.0 EVID 34111 REST Request Success	Sub Rule	Processing Notification	Information
V 2.0 EVID 34112 Invalid REST Request	Sub Rule	Bad Request/Invalid Syntax	Error
V 2.0 EVID 34113 Resource Not Found	Sub Rule	The Resource Identified Could Not Be Found.	Information
V 2.0 EVID 34114 Resource Already Exists	Sub Rule	General Information Log Message	Information
V 2.0 EVID 34115 Resource Does Not Exist	Sub Rule	The Resource Identified Could Not Be Found.	Information
V 2.0 EVID 34116 Policy Not Found	Sub Rule	Policy Cannot Be Found	Error
V 2.0 EVID 34117 Error Connecting To Remote	Sub Rule	Connection Error	Error
V 2.0 EVID 34118 Err Processing Package Frm Cisco	Sub Rule	Payload Processing Error	Error
V 2.0 EVID 34119 Profile Received An Err Response	Sub Rule	Unsuccessful Activity	Other Audit Failure
V 2.0 EVID 34120 Profiler Failed To Get Conn.	Sub Rule	Connection Failure	Error
V 2.0 EVID 34123 Process Running Out Of Memory	Sub Rule	Memory Resources Are Low	Warning
V 2.0 EVID 34124 EAP Sess Limited Due To Low Mem	Sub Rule	Memory Resources Are Low	Warning
V 2.0 EVID 34125 CRL Could Not Updated - Low Mem	Sub Rule	Unsuccessful Activity	Other Audit Failure
V 2.0 EVID 34126 Remote Syslog Target Unavailable	Sub Rule	Remote Host Not Available	Error
V 2.0 EVID 34127 Remote Syslog Target Connection	Sub Rule	General Syslog Information	Information
V 2.0 EVID 34128 Rem Syslog Target Buffer Clear	Sub Rule	General Syslog Information	Information
V 2.0 EVID 34129 Could Not Initialize Syslog Cert	Sub Rule	Initialize Object Failure	Access Failure
V 2.0 EVID 34130 CTL For Syslog Server Cert Empty	Sub Rule	General Syslog Information	Information
V 2.0 EVID 34131 Could Not Initialize Syslog Cert	Sub Rule	Initialize Object Failure	Access Failure
V 2.0 EVID 34132 TLS Handshake Succeeded	Sub Rule	Handshake Successful	Network Traffic
V 2.0 EVID 34133 TLS Handshake Failed	Sub Rule	Handshake Failed	Warning
V 2.0 EVID 34134 Syslog Svr Cert Verif Not Init	Sub Rule	General Syslog Information	Information
V 2.0 EVID 34135 Syslog Server Is Slow Or Down	Sub Rule	Server Not Responding	Critical
V 2.0 EVID 34137 Secure Syslog Server Reject ISE	Sub Rule	General Syslog Information	Information
V 2.0 EVID 34138 Syslog Conn. Failed Unsup Cert.	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34139 Sys Conn Fail Unable To Download	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34140 Syslog Conn Failed Unknown Cert	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34141 Syslog Conn Failed Expired Cert	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34142 Syslog Conn. Failed Expired CRL	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34143 Syslog Conn. Failed Reoked Cert	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34144 Syslog Conn. Failed Bad Cert.	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34145 Syslog Conn Reconnect OCSP Found	Sub Rule	Connection Established	Network Traffic
V 2.0 EVID 34146 Syslog Conn Reconnect CRL Found	Sub Rule	Connection Established	Network Traffic
V 2.0 EVID 34147 JGroups TLS Handshake Failed	Sub Rule	Handshake Failed	Warning
V 2.0 EVID 34148 JGroups TLS Handshake Succeeded	Sub Rule	Handshake Successful	Network Traffic
V 2.0 EVID 34149 HTTPS TLS Handshake Failed	Sub Rule	Handshake Failed	Warning
V 2.0 EVID 34150 HTTPS TLS Handshake Succeeded	Sub Rule	Handshake Successful	Network Traffic
V 2.0 EVID 34151 Certificate Validation Failed	Sub Rule	PKI-3-CERTIFICATE_INVALID	Error
V 2.0 EVID 34152 Certificate Validation Succeeded	Sub Rule	Certificate Valid	Information
V 2.0 EVID 34153 LDAP ID Store Connection Failed	Sub Rule	General Connection Failed	Error
V 2.0 EVID 34154 LDAP ID Store Conn. Succeeded	Sub Rule	Connection Established	Network Traffic
V 2.0 EVID 34155 Mac Address Already Exists	Sub Rule	MAC Address Already Exists	Warning
V 2.0 EVID 34156 CARS Network Config Reset	Sub Rule	Successful Activity	Other Audit Success
V 2.0 EVID 34157 EAP-TTLS Not Initialize	Sub Rule	Failed To Initialize Service	Error
V 2.0 EVID 34158 EAP-TTLS Server-Cert. Not Init.	Sub Rule	Failed To Initialize Service	Error
V 2.0 EVID 34159 LDAPS Conn Established Success	Sub Rule	Connection Established	Network Traffic
V 2.0 EVID 34160 LDAPS Conn Terminated Success	Sub Rule	Connection Terminated	Network Traffic
V 2.0 EVID 34161 LDAPS Conn Establishment Failed	Sub Rule	Connection Failed	Network Traffic
V 2.0 EVID 34162 LDAPS Conn Terminated SSL Error	Sub Rule	Connection Terminated	Network Traffic
V 2.0 EVID 34163 LDAPS Conn Establishment Failed	Sub Rule	Connection Failed	Network Traffic
V 2.0 EVID 34164 LDAPS Conn Terminate Non-SSL Err	Sub Rule	Connection Terminated	Network Traffic
V 2.0 EVID 33511 TEAP Could Not Initialize TEAP	Sub Rule	Failed To Initialize Service	Error
V 2.0 EVID 33512 Could Not Init. Complete TEAP	Sub Rule	Failed To Initialize Service	Error
V 2.0 EVID 33513 Could Not Initialize TEAP	Sub Rule	Failed To Initialize Service	Error
V 2.0 EVID 33514 Sent TEAP Res TLV Indicat Succ.	Sub Rule	Successful Activity	Other Audit Success
V 2.0 EVID 33515 Sent TEAP Res TLV Indicate Fail	Sub Rule	Unsuccessful Activity	Other Audit Failure
V 2.0 EVID 33516 TLV Indicating Success	Sub Rule	Successful Activity	Other Audit Success
V 2.0 EVID 33517 TLV Indicating Failure	Sub Rule	Unsuccessful Activity	Other Audit Failure
V 2.0 EVID 33518 No Cipher For Full Handshake	Sub Rule	Handshake Failed	Warning
V 2.0 EVID 34170 Active PxGrid Cloud Node Unable	Sub Rule	Unable To Establish Connection	Error

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
pri_num	N/A	N/A	Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value. The facility code valid options are: LOCAL0 (Code = 16) LOCAL1 (Code = 17) LOCAL2 (Code = 18) LOCAL3 (Code = 19) LOCAL4 (Code = 20) LOCAL5 (Code = 21) LOCAL6 (Code = 22; default) LOCAL7 (Code = 23)
time	N/A	N/A	Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss.
IP address/hostname	N/A	N/A	IP address of the originating Cisco ISE node, or the hostname.
cat_name	<vendorinfo>	Text/String	Logging category name preceded by the CSCOxxx string.
msg_id	N/A	N/A	Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted.
total_seg	N/A	N/A	Total number of segments in a log message. Long messages are divided into more than one segment. Note: The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings.
seg_num	N/A	N/A	Segment sequence number within a message. Use this number to determine what segment of the message you are viewing.
timestamp	N/A	N/A	Date of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format: YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm.
sequence_num	N/A	N/A	Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999.
msg_code	<vmid> <tag1>	Number	Message code as defined in the logging categories.
msg_sev	<severity>	Text/String	Message severity level of a log message.
msg_class	<subject>	Text/String	Message class, which identifies groups of messages with the same context.
msg_text	<action>	Text/String	English language descriptive text message.
ConfigVersionId	<version>	Number	N/A
LogErrorMessage	<result>	Text/String	N/A
Key1	N/A	N/A	N/A
Key2	N/A	N/A	N/A