V 2.0 Internal Operations Diagnostics Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 Internal Operations Diagnostics Event | Base Rule | Diagnostic Information | Information |
| V 2.0 EVID 30000 Unknown Fatal Error | Sub Rule | Unknown Error | Error |
| V 2.0 EVID 31000 Notif Dispatcher Not Initialize | Sub Rule | Configuration Notification Message Error | Error |
| V 2.0 EVID 31001 Configuration Message Not Send | Sub Rule | Configuration Notification Message Error | Error |
| V 2.0 EVID 31100 Configuration Changes Initiated | Sub Rule | Configuration Information | Information |
| V 2.0 EVID 31101 Configuration Changes Succeeded | Sub Rule | Configuration Changed | Error |
| V 2.0 EVID 31102 Configuration Changes Failed | Sub Rule | Configuration Changes Failed | Critical |
| V 2.0 EVID 31103 Start Up Configuration Success | Sub Rule | Configuration Successful | Information |
| V 2.0 EVID 31104 Start Up Configuration Failed | Sub Rule | Configuration Load Failure | Error |
| V 2.0 EVID 31105 Transaction Ignore | Sub Rule | Transaction Ignored | Warning |
| V 2.0 EVID 31106 Config Mgmt Could Not Translate | Sub Rule | Configuration Management Function Failure | Error |
| V 2.0 EVID 31107 Cold Config Restart Success | Sub Rule | Successful Activity | Other Audit Success |
| V 2.0 EVID 31108 Cold Config Restart Failed | Sub Rule | Configuration Restart Failed | Error |
| V 2.0 EVID 31109 Warm Config Restart Success | Sub Rule | Successful Activity | Other Audit Success |
| V 2.0 EVID 31110 Warm Config Restart Failed | Sub Rule | Configuration Restart Failed | Error |
| V 2.0 EVID 31111 Runtime Notification Out Of Sync | Sub Rule | Runtime Notifications Are Out Of Sync | Warning |
| V 2.0 EVID 31200 Encountered Invalid/Null Log Rec | Sub Rule | Invalid Option Encountered | Error |
| V 2.0 EVID 31201 Encountered Invalid/Null System | Sub Rule | Invalid Option Encountered | Error |
| V 2.0 EVID 31202 Encountered Invalid/Null User | Sub Rule | Invalid Option Encountered | Error |
| V 2.0 EVID 31203 Encountered Err For Succ. Login | Sub Rule | LOGIN Error | Error |
| V 2.0 EVID 31204 Encountered Err For Failed Login | Sub Rule | LOGIN Error | Error |
| V 2.0 EVID 31205 Encountered Error For Logout | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 31206 Encountered Error For Failover | Sub Rule | Failover | Error |
| V 2.0 EVID 31207 Encountered Err For Sess Timeout | Sub Rule | Session Timeout | Warning |
| V 2.0 EVID 31500 Management Start | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 31501 Management Stop | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 31502 Start Runtime | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 31503 Stop Runtime | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 31504 Cryptographic Mod Not Initializ | Sub Rule | Cryptographic Module Initialization Failure | Critical |
| V 2.0 EVID 32000 Logging Component Started | Sub Rule | General Logging Information | Information |
| V 2.0 EVID 32001 Logging Component Shut Down | Sub Rule | General Logging Information | Information |
| V 2.0 EVID 32002 Default Configuration Startup | Sub Rule | Configuration Information | Information |
| V 2.0 EVID 32005 Could Not Log Message To Logger | Sub Rule | General Warning Log Message | Warning |
| V 2.0 EVID 32006 Could Not Log Message To Crit | Sub Rule | General Warning Log Message | Warning |
| V 2.0 EVID 32008 Logging Component Config Change | Sub Rule | General Logging Information | Information |
| V 2.0 EVID 32012 Could Not Write To Local Storage | Sub Rule | Cannot Write To File | Error |
| V 2.0 EVID 32013 Not Create Local Storage File | Sub Rule | The File Can Not Be Created | Warning |
| V 2.0 EVID 32014 Not Delete Loc Storage CSV File | Sub Rule | Unable To Delete File | Error |
| V 2.0 EVID 32015 Local File Deleted | Sub Rule | File Deleted | Information |
| V 2.0 EVID 32016 Low Disk Space Limit | Sub Rule | System Memory Low | Warning |
| V 2.0 EVID 32017 UDP Socket Not Open | Sub Rule | Open UDP Socket Error | Error |
| V 2.0 EVID 32018 Data Not Send On Socket | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 32025 Rolled Over Local Storage File | Sub Rule | File Rolled Over | Other Audit Success |
| V 2.0 EVID 32026 Could Not Roll Over Loc Storage | Sub Rule | File Rolled Over | Other Audit Success |
| V 2.0 EVID 33101 New ISE Config Session Created | Sub Rule | Configuration Information | Information |
| V 2.0 EVID 33102 Successful User Login ISE | Sub Rule | Configuration Success | Other Audit Success |
| V 2.0 EVID 33103 Failed User Login ISE | Sub Rule | Failed Configuration | Other Audit Failure |
| V 2.0 EVID 33104 Closed ISE Configuration Session | Sub Rule | Configuration Session Closed | Information |
| V 2.0 EVID 33105 Set Debug Log Level | Sub Rule | General Debug Message | Information |
| V 2.0 EVID 33106 Set Default Debug Log Level | Sub Rule | General Debug Message | Information |
| V 2.0 EVID 33107 Show Debug Log Status | Sub Rule | Show Debugging Log Status | Information |
| V 2.0 EVID 33108 Reset Admin Password | Sub Rule | Performing Password Change | Information |
| V 2.0 EVID 33201 Operation Failure | Sub Rule | AD Operation Failure | Error |
| V 2.0 EVID 33202 Operation Success | Sub Rule | AD Operation Success | Information |
| V 2.0 EVID 33203 Hit Count Reset | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 33204 Hit Count Recollect | Sub Rule | Hit Count Recollect | Information |
| V 2.0 EVID 33205 General PI Error | Sub Rule | General PI Error | Error |
| V 2.0 EVID 33206 AD Operation Information | Sub Rule | AD Operation Information | Information |
| V 2.0 EVID 33207 AD Operation Warning | Sub Rule | AD Operation Warning | Warning |
| V 2.0 EVID 33208 Test Connection Against AD | Sub Rule | General Active Directory Information | Information |
| V 2.0 EVID 33209 Test Connection Against LDAP | Sub Rule | Performing LDAP Connectivity Tests | Information |
| V 2.0 EVID 33210 LDAP Traffic Info | Sub Rule | General LDAP Message | Information |
| V 2.0 EVID 33211 Self Signed Certificate For Mgmt | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 33212 ISE Could Not Load Certificate | Sub Rule | Certificate Load Failure | Error |
| V 2.0 EVID 33300 General GUI Error | Sub Rule | General GUI Error | Error |
| V 2.0 EVID 32500 General Database Error | Sub Rule | General Database Error | Error |
| V 2.0 EVID 32600 Connected Message Bus | Sub Rule | Connected Message Bus | Information |
| V 2.0 EVID 32601 Message Bus Not Started | Sub Rule | Message Bus Not Started | Error |
| V 2.0 EVID 32602 Retrying Message | Sub Rule | Retrying Message Bus Connection | Information |
| V 2.0 EVID 32603 Connection Dropped | Sub Rule | Connection Dropped | Warning |
| V 2.0 EVID 32604 Unknown Bus Error | Sub Rule | Unknown Bus Error | Error |
| V 2.0 EVID 32605 Unknown Attribute | Sub Rule | Unknown Attribute | Error |
| V 2.0 EVID 32606 Dropped Unknown Message | Sub Rule | Unknown Message Type Dropped | Error |
| V 2.0 EVID 32607 Missing Attribute | Sub Rule | Missing Attribute | Warning |
| V 2.0 EVID 32700 Failover Mode Caused By Int Err | Sub Rule | Failover Due To Internal Error | Critical |
| V 2.0 EVID 33400 Certificate Revocation List Add | Sub Rule | Certificate Revocation List Added | Information |
| V 2.0 EVID 33450 Request To Clear OCSP Cache | Sub Rule | Cache Information | Information |
| V 2.0 EVID 33451 Successfully Clear OCSP Cache | Sub Rule | Cache Information | Information |
| V 2.0 EVID 33452 Failed To Clear OCSP Cache | Sub Rule | Cache Information | Information |
| V 2.0 EVID 33500 EAP-TLS Not Initialize | Sub Rule | General EAPOL Error | Error |
| V 2.0 EVID 33501 EAP-FAST Not Initialize | Sub Rule | General EAPOL Error | Error |
| V 2.0 EVID 33502 PEAP Not Initialize | Sub Rule | Initialization Error | Error |
| V 2.0 EVID 33503 Blank CTL Configured For EAP-TL | Sub Rule | General Configuration Error | Error |
| V 2.0 EVID 33504 CTL Initialization Failed | Sub Rule | Initialization Failed | Error |
| V 2.0 EVID 33505 EAP-TLS Svr-Cert Not Initialize | Sub Rule | Initialization Error | Error |
| V 2.0 EVID 33506 EAP-FAST Svr-Cert Not Initialize | Sub Rule | Initialization Error | Error |
| V 2.0 EVID 33507 PEAP Server-Cert Not Initialize | Sub Rule | Initialization Error | Error |
| V 2.0 EVID 33508 EAP-TLS Svr-Cert Chain Not Init | Sub Rule | Initialization Error | Error |
| V 2.0 EVID 33509 PEAP Failed | Sub Rule | Initialization Failed | Error |
| V 2.0 EVID 33510 EAP-FAST Svr-Cert Chain Not Init | Sub Rule | Failed To Initialize Service | Error |
| V 2.0 EVID 34000 Appending Transaction | Sub Rule | Appending Transaction | Information |
| V 2.0 EVID 34001 Dispatching Transaction | Sub Rule | Dispatching Transaction | Information |
| V 2.0 EVID 34002 Received Transaction | Sub Rule | Transaction Received | Information |
| V 2.0 EVID 34003 Applied Transaction | Sub Rule | Applied Transaction | Information |
| V 2.0 EVID 34005 Cache Sync Failed | Sub Rule | Cache Information | Information |
| V 2.0 EVID 34050 RT Control Port Up | Sub Rule | Control Port Up | Information |
| V 2.0 EVID 34051 RT Control Port Blocked | Sub Rule | Control Port Blocked | Error |
| V 2.0 EVID 34110 Error Processing | Sub Rule | Processing Notification | Information |
| V 2.0 EVID 34111 REST Request Success | Sub Rule | Processing Notification | Information |
| V 2.0 EVID 34112 Invalid REST Request | Sub Rule | Bad Request/Invalid Syntax | Error |
| V 2.0 EVID 34113 Resource Not Found | Sub Rule | The Resource Identified Could Not Be Found. | Information |
| V 2.0 EVID 34114 Resource Already Exists | Sub Rule | General Information Log Message | Information |
| V 2.0 EVID 34115 Resource Does Not Exist | Sub Rule | The Resource Identified Could Not Be Found. | Information |
| V 2.0 EVID 34116 Policy Not Found | Sub Rule | Policy Cannot Be Found | Error |
| V 2.0 EVID 34117 Error Connecting To Remote | Sub Rule | Connection Error | Error |
| V 2.0 EVID 34118 Err Processing Package Frm Cisco | Sub Rule | Payload Processing Error | Error |
| V 2.0 EVID 34119 Profile Received An Err Response | Sub Rule | Unsuccessful Activity | Other Audit Failure |
| V 2.0 EVID 34120 Profiler Failed To Get Conn. | Sub Rule | Connection Failure | Error |
| V 2.0 EVID 34123 Process Running Out Of Memory | Sub Rule | Memory Resources Are Low | Warning |
| V 2.0 EVID 34124 EAP Sess Limited Due To Low Mem | Sub Rule | Memory Resources Are Low | Warning |
| V 2.0 EVID 34125 CRL Could Not Updated - Low Mem | Sub Rule | Unsuccessful Activity | Other Audit Failure |
| V 2.0 EVID 34126 Remote Syslog Target Unavailable | Sub Rule | Remote Host Not Available | Error |
| V 2.0 EVID 34127 Remote Syslog Target Connection | Sub Rule | General Syslog Information | Information |
| V 2.0 EVID 34128 Rem Syslog Target Buffer Clear | Sub Rule | General Syslog Information | Information |
| V 2.0 EVID 34129 Could Not Initialize Syslog Cert | Sub Rule | Initialize Object Failure | Access Failure |
| V 2.0 EVID 34130 CTL For Syslog Server Cert Empty | Sub Rule | General Syslog Information | Information |
| V 2.0 EVID 34131 Could Not Initialize Syslog Cert | Sub Rule | Initialize Object Failure | Access Failure |
| V 2.0 EVID 34132 TLS Handshake Succeeded | Sub Rule | Handshake Successful | Network Traffic |
| V 2.0 EVID 34133 TLS Handshake Failed | Sub Rule | Handshake Failed | Warning |
| V 2.0 EVID 34134 Syslog Svr Cert Verif Not Init | Sub Rule | General Syslog Information | Information |
| V 2.0 EVID 34135 Syslog Server Is Slow Or Down | Sub Rule | Server Not Responding | Critical |
| V 2.0 EVID 34137 Secure Syslog Server Reject ISE | Sub Rule | General Syslog Information | Information |
| V 2.0 EVID 34138 Syslog Conn. Failed Unsup Cert. | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34139 Sys Conn Fail Unable To Download | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34140 Syslog Conn Failed Unknown Cert | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34141 Syslog Conn Failed Expired Cert | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34142 Syslog Conn. Failed Expired CRL | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34143 Syslog Conn. Failed Reoked Cert | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34144 Syslog Conn. Failed Bad Cert. | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34145 Syslog Conn Reconnect OCSP Found | Sub Rule | Connection Established | Network Traffic |
| V 2.0 EVID 34146 Syslog Conn Reconnect CRL Found | Sub Rule | Connection Established | Network Traffic |
| V 2.0 EVID 34147 JGroups TLS Handshake Failed | Sub Rule | Handshake Failed | Warning |
| V 2.0 EVID 34148 JGroups TLS Handshake Succeeded | Sub Rule | Handshake Successful | Network Traffic |
| V 2.0 EVID 34149 HTTPS TLS Handshake Failed | Sub Rule | Handshake Failed | Warning |
| V 2.0 EVID 34150 HTTPS TLS Handshake Succeeded | Sub Rule | Handshake Successful | Network Traffic |
| V 2.0 EVID 34151 Certificate Validation Failed | Sub Rule | PKI-3-CERTIFICATE_INVALID | Error |
| V 2.0 EVID 34152 Certificate Validation Succeeded | Sub Rule | Certificate Valid | Information |
| V 2.0 EVID 34153 LDAP ID Store Connection Failed | Sub Rule | General Connection Failed | Error |
| V 2.0 EVID 34154 LDAP ID Store Conn. Succeeded | Sub Rule | Connection Established | Network Traffic |
| V 2.0 EVID 34155 Mac Address Already Exists | Sub Rule | MAC Address Already Exists | Warning |
| V 2.0 EVID 34156 CARS Network Config Reset | Sub Rule | Successful Activity | Other Audit Success |
| V 2.0 EVID 34157 EAP-TTLS Not Initialize | Sub Rule | Failed To Initialize Service | Error |
| V 2.0 EVID 34158 EAP-TTLS Server-Cert. Not Init. | Sub Rule | Failed To Initialize Service | Error |
| V 2.0 EVID 34159 LDAPS Conn Established Success | Sub Rule | Connection Established | Network Traffic |
| V 2.0 EVID 34160 LDAPS Conn Terminated Success | Sub Rule | Connection Terminated | Network Traffic |
| V 2.0 EVID 34161 LDAPS Conn Establishment Failed | Sub Rule | Connection Failed | Network Traffic |
| V 2.0 EVID 34162 LDAPS Conn Terminated SSL Error | Sub Rule | Connection Terminated | Network Traffic |
| V 2.0 EVID 34163 LDAPS Conn Establishment Failed | Sub Rule | Connection Failed | Network Traffic |
| V 2.0 EVID 34164 LDAPS Conn Terminate Non-SSL Err | Sub Rule | Connection Terminated | Network Traffic |
| V 2.0 EVID 33511 TEAP Could Not Initialize TEAP | Sub Rule | Failed To Initialize Service | Error |
| V 2.0 EVID 33512 Could Not Init. Complete TEAP | Sub Rule | Failed To Initialize Service | Error |
| V 2.0 EVID 33513 Could Not Initialize TEAP | Sub Rule | Failed To Initialize Service | Error |
| V 2.0 EVID 33514 Sent TEAP Res TLV Indicat Succ. | Sub Rule | Successful Activity | Other Audit Success |
| V 2.0 EVID 33515 Sent TEAP Res TLV Indicate Fail | Sub Rule | Unsuccessful Activity | Other Audit Failure |
| V 2.0 EVID 33516 TLV Indicating Success | Sub Rule | Successful Activity | Other Audit Success |
| V 2.0 EVID 33517 TLV Indicating Failure | Sub Rule | Unsuccessful Activity | Other Audit Failure |
| V 2.0 EVID 33518 No Cipher For Full Handshake | Sub Rule | Handshake Failed | Warning |
| V 2.0 EVID 34170 Active PxGrid Cloud Node Unable | Sub Rule | Unable To Establish Connection | Error |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| pri_num | N/A | N/A | Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value. The facility code valid options are: LOCAL0 (Code = 16) LOCAL1 (Code = 17) LOCAL2 (Code = 18) LOCAL3 (Code = 19) LOCAL4 (Code = 20) LOCAL5 (Code = 21) LOCAL6 (Code = 22; default) LOCAL7 (Code = 23) |
| time | N/A | N/A | Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss. |
| IP address/hostname | N/A | N/A | IP address of the originating Cisco ISE node, or the hostname. |
| cat_name | <vendorinfo> | Text/String | Logging category name preceded by the CSCOxxx string. |
| msg_id | N/A | N/A | Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted. |
| total_seg | N/A | N/A | Total number of segments in a log message. Long messages are divided into more than one segment. Note: The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings. |
| seg_num | N/A | N/A | Segment sequence number within a message. Use this number to determine what segment of the message you are viewing. |
| timestamp | N/A | N/A | Date of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format: YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm. |
| sequence_num | N/A | N/A | Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999. |
| msg_code | <vmid> <tag1> | Number | Message code as defined in the logging categories. |
| msg_sev | <severity> | Text/String | Message severity level of a log message. |
| msg_class | <subject> | Text/String | Message class, which identifies groups of messages with the same context. |
| msg_text | <action> | Text/String | English language descriptive text message. |
| ConfigVersionId | <version> | Number | N/A |
| LogErrorMessage | <result> | Text/String | N/A |
| Key1 | N/A | N/A | N/A |
| Key2 | N/A | N/A | N/A |