V 2.0 MDM Diagnostics Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 MDM Diagnostics Event | Base Rule | General MDM Information | Information |
| V 2.0 EVID 89200 Invalid Payload Encountered | Sub Rule | Invalid Payload | Warning |
| V 2.0 EVID 89201 Invalid Session Encountered | Sub Rule | Session Invalidated | Warning |
| V 2.0 EVID 89202 Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| V 2.0 EVID 89203 Authorization Failure | Sub Rule | Authorization Failed | Warning |
| V 2.0 EVID 89204 Auth Failure, User Interv. Req. | Sub Rule | Authorization Failed | Warning |
| V 2.0 EVID 89205 Internal Err While Handling MDE | Sub Rule | An Internal Error Has Occurred | Error |
| V 2.0 EVID :89206 Mobile Device Enrollment Expired | Sub Rule | General Audit Message | Other Audit |
| V 2.0 EVID 89207 Unsupported Mobile Device | Sub Rule | General Error Information | Error |
| V 2.0 EVID 89208 Authentication Attempt Exceeded | Sub Rule | Unsuccessful Activity | Other Audit Failure |
| V 2.0 EVID 89209 Mob. Dev. Enrollment Req Failed | Sub Rule | Failed To Complete Request | Error |
| V 2.0 EVID 89210 Mob. Dev. Enrollment Req Failed | Sub Rule | Failed To Complete Request | Error |
| V 2.0 EVID 89211 Invalid Payload Encountered | Sub Rule | Invalid Payload | Warning |
| V 2.0 EVID 89212 Unsupported Mobile Device | Sub Rule | General Error Information | Error |
| V 2.0 EVID 89213 Profile Signing Failed | Sub Rule | Profile Configuration Failure | Error |
| V 2.0 EVID 89214 Profile Encryption Failed | Sub Rule | Unsuccessful Activity | Other Audit Failure |
| V 2.0 EVID 89215 Invalid Payload Encountered | Sub Rule | Invalid Payload | Warning |
| V 2.0 EVID 89216 Auth. Failure Encountered | Sub Rule | Authorization Failed | Warning |
| V 2.0 EVID 89217 Int Err During Profile Prov Req | Sub Rule | An Internal Error Has Occurred | Error |
| V 2.0 EVID 89218 Profile Signing Failed | Sub Rule | Profile Configuration Failure | Error |
| V 2.0 EVID 89219 Application Request Timed Out | Sub Rule | Connect Request Timed Out | Other Operations |
| V 2.0 EVID 89220 Int Err During Application Req | Sub Rule | An Internal Error Has Occurred | Error |
| V 2.0 EVID 89221 Request Timed Out | Sub Rule | Connect Request Timed Out | Other Operations |
| V 2.0 EVID 89222 Token Resets Exceeded | Sub Rule | General Audit Message | Other Audit |
| V 2.0 EVID 89223 Send Token Failed | Sub Rule | Failed Configuration | Other Audit Failure |
| V 2.0 EVID 89224 Token Configurations Incomplete | Sub Rule | Token Error | Error |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| pri_num | N/A | N/A | Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value. The facility code valid options are: LOCAL0 (Code = 16) LOCAL1 (Code = 17) LOCAL2 (Code = 18) LOCAL3 (Code = 19) LOCAL4 (Code = 20) LOCAL5 (Code = 21) LOCAL6 (Code = 22; default) LOCAL7 (Code = 23) |
| time | N/A | N/A | Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss. |
| IP address/hostname | N/A | N/A | IP address of the originating Cisco ISE node, or the hostname. |
| cat_name | <vendorinfo> | Text/String | Logging category name preceded by the CSCOxxx string. |
| msg_id | N/A | N/A | Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted. |
| total_seg | N/A | N/A | Total number of segments in a log message. Long messages are divided into more than one segment. Note : The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings. |
| seg_num | N/A | N/A | Segment sequence number within a message. Use this number to determine what segment of the message you are viewing. |
| timestamp | N/A | N/A | Date of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format : YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm. |
| sequence_num | N/A | N/A | Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999. |
| msg_code | <vmid> <tag1> | Number | Message code as defined in the logging categories. |
| msg_sev | <severity> | Text/String | Message severity level of a log message. |
| msg_class | <subject> | Text/String | Message class, which identifies groups of messages with the same context. |
| msg_text | <action> | Text/String | English language descriptive text message. |
| Key1 | N/A | N/A | N/A |
| Key2 | N/A | N/A | N/A |