Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 Policy Diagnostics Event |
Base Rule |
Diagnostic Information |
Information |
|
V 2.0 EVID 15001 Adapter Contain Atleast One Val |
Sub Rule |
Incorrect Database Configuration |
Error |
|
V 2.0 EVID 15002 Configured Operator Failed |
Sub Rule |
Database Configuration Change Failed |
Error |
|
V 2.0 EVID 15003 Incorrect Database Configuration |
Sub Rule |
Incorrect Database Configuration |
Error |
|
V 2.0 EVID 15004 Matched Rule |
Sub Rule |
Matched Rule |
Information |
|
V 2.0 EVID 15005 Matched Monitored Rule |
Sub Rule |
Matched Monitored Rule |
Information |
|
V 2.0 EVID 15006 Matched Default Rule |
Sub Rule |
Matched Default Rule |
Information |
|
V 2.0 EVID 15007 Policy Result Type Unmatched |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15008 Evaluating Svc Selection Policy |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15009 Authorization Policy Not Config |
Sub Rule |
Policy Not Configured |
Error |
|
V 2.0 EVID 15010 Policy Not Configured |
Sub Rule |
Policy Not Configured |
Error |
|
V 2.0 EVID 15011 Authorization Policy Not Config |
Sub Rule |
Policy Not Configured |
Error |
|
V 2.0 EVID 15012 Selected Access Service |
Sub Rule |
Access Service Selected |
Information |
|
V 2.0 EVID 15013 Selected Identity Source |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15015 Could Not Find ID Store |
Sub Rule |
ID Store Not Found |
Error |
|
V 2.0 EVID 15016 Selected Authorization Profile |
Sub Rule |
Authorization Profile Selected |
Information |
|
V 2.0 EVID 15017 Selected Shell Profile |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15018 Selected Command Set |
Sub Rule |
Command Set Selected |
Information |
|
V 2.0 EVID 15019 Authorization Profiles Not Find |
Sub Rule |
Authorization Profiles Not Found |
Error |
|
V 2.0 EVID 15020 Shell Profiles Not Find |
Sub Rule |
Shell Profiles Not Found |
Error |
|
V 2.0 EVID 15021 Command Set Not Find |
Sub Rule |
Command Set Not Found |
Warning |
|
V 2.0 EVID 15022 Access Service Not Find |
Sub Rule |
Access Service Not Found |
Error |
|
V 2.0 EVID 15023 Could Not Match Rule |
Sub Rule |
Rule Not Matched |
Information |
|
V 2.0 EVID 15024 PAP Not Allowed |
Sub Rule |
PAP Not Allowed |
Information |
|
V 2.0 EVID 15025 Policy Not Configured |
Sub Rule |
Policy Not Configured |
Error |
|
V 2.0 EVID 15026 External Policy Server Not Found |
Sub Rule |
Policy Not Configured |
Error |
|
V 2.0 EVID 15027 External Policy Server Selected |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15028 Sending Request To Ext. Server |
Sub Rule |
Sending Request |
Information |
|
V 20 EVID 15029 Attr Not Retrieve Frm Ext Policy |
Sub Rule |
Attributes Not Retrieved |
Error |
|
V 2.0 EVID 15030 Misconfig Of Ext. Policy Server |
Sub Rule |
Apparent Misconfiguration |
Error |
|
V 2.0 EVID 15031 Ext Policy Attributes Retrieved |
Sub Rule |
Attributes Retrieved |
Information |
|
V 2.0 EVID 15032 Evaluating External Policy Check |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15033 Mapping Policy Not Configured |
Sub Rule |
Policy Not Configured |
Error |
|
V 2.0 EVID 15034 Skip External Policy Check |
Sub Rule |
Policy Check Skipped |
Warning |
|
V 2.0 EVID 15035 Evaluating Exception Auth Policy |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15036 Evaluating Authorization Policy |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15037 Access Service |
Sub Rule |
Access Service Selected |
Information |
|
V 2.0 EVID 15038 Skipping External Policy |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15039 Rejected Per Auth. Profile |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15040 Attribute Not Defined Cert. |
Sub Rule |
Missing Attribute |
Warning |
|
V 2.0 EVID 15041 Evaluating Identity Policy |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15042 No Rule Was Matched |
Sub Rule |
Rule Not Matched |
Information |
|
V 2.0 EVID 15043 Attribute Value Unavailable |
Sub Rule |
Missing Attribute |
Warning |
|
V 2.0 EVID 15044 Evaluating Group Mapping Policy |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15045 CHAP Not Allowed |
Sub Rule |
CHAP Not Allowed |
Warning |
|
V2.0 EVID 15046 MS-CHAP V1 Disabled |
Sub Rule |
Protocol Disabled |
Information |
|
V2.0 EVID 15047 MS-CHAP V2 Disabled |
Sub Rule |
Protocol Disabled |
Information |
|
V 2.0 EVID 15048 Queried PIP |
Sub Rule |
Query Information |
Information |
|
V 2.0 EVID 15049 Evaluating Policy Group |
Sub Rule |
Evaluating Policy |
Other Audit |
|
V 2.0 EVID 15050 Dev. Not Support Config Of VLAN |
Sub Rule |
Caution Message Concerning Vlan Configuration |
Information |
|
V 2.0 EVID 15051 Device Not Support Config Of ACL |
Sub Rule |
Unsupported ACL |
Warning |
|
V 2.0 EVID 15052 Authorization Profile Not Suited |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15053 N/W Access Dev. Not Support CoA |
Sub Rule |
General Audit Message |
Other Audit |
|
V 2.0 EVID 15054 Sending SNMP Set |
Sub Rule |
SNMPD Debug Message |
Information |
|
V 2.0 EVID 15055 SNMP CoA Failed |
Sub Rule |
SNMPD Debug Message |
Information |
|
V 2.0 EVID 15056 Portal Settings Undefined |
Sub Rule |
Interface Configuration Error |
Error |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
pri_num |
N/A |
N/A |
Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value.
|
|
time |
N/A |
N/A |
Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss. |
|
IP address/hostname |
N/A |
N/A |
IP address of the originating Cisco ISE node, or the hostname. |
|
cat_name |
<vendorinfo> |
Text/String |
Logging category name preceded by the CSCOxxx string. |
|
msg_id |
N/A |
N/A |
Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted. |
|
total_seg |
N/A |
N/A |
Total number of segments in a log message. Long messages are divided into more than one segment.
|
|
seg_num |
N/A |
N/A |
Segment sequence number within a message. Use this number to determine what segment of the message you are viewing. |
|
timestamp |
N/A |
N/A |
Date of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format : YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm. |
|
sequence_num |
N/A |
N/A |
Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999. |
|
msg_code |
<vmid>
|
Number |
Message code as defined in the logging categories. |
|
msg_sev |
<severity> |
Text/String |
Message severity level of a log message. |
|
msg_class |
<subject> |
Text/String |
Message class, which identifies groups of messages with the same context. |
|
msg_text |
<action> |
Text/String |
English language descriptive text message. |
|
Key1 |
N/A |
N/A |
N/A |
|
Key2 |
N/A |
N/A |
N/A |
|
ConfigVersionId |
N/A |
N/A |
N/A |
|
Device IP Address |
N/A |
N/A |
N/A |
|
UserName |
<login> |
Text/String |
N/A |
|
Protocol |
<protname> |
Text/String |
N/A |
|
RequestReceivedTime |
N/A |
N/A |
N/A |
|
PolicyType |
N/A |
N/A |
N/A |
|
OriginalUserName |
N/A |
N/A |
N/A |
|
AcsSessionID |
<session> |
Text/String |
N/A |
|
SelectedAccessService |
N/A |
N/A |
N/A |
|
SelectedAuthorizationProfiles |
N/A |
N/A |
N/A |
|
IdentityPolicyMatchedRule |
N/A |
N/A |
N/A |
|
AuthorizationPolicyMatchedRule |
N/A |
N/A |
N/A |
|
CPMSessionID |
N/A |
N/A |
N/A |
|
ISEPolicySetName |
<policy> |
Text/String |
N/A |
|
IdentitySelectionMatchedRule |
N/A |
N/A |
N/A |
|
HostIdentityGroup |
<group> |
Text/String |
N/A |
|
Name |
N/A |
N/A |
N/A |
|
Response |
<result> |
Text/String |
N/A |