Skip to main content
Skip table of contents

V 2.0 Policy Diagnostics Event

Vendor Documentation

https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html

Classification

Rule NameRule TypeCommon EventClassification
V 2.0 Policy Diagnostics EventBase RuleDiagnostic InformationInformation
V 2.0 EVID 15001 Adapter Contain Atleast One ValSub RuleIncorrect Database ConfigurationError
V 2.0 EVID 15002 Configured Operator FailedSub RuleDatabase Configuration Change FailedError
V 2.0 EVID 15003 Incorrect Database ConfigurationSub RuleIncorrect Database ConfigurationError
V 2.0 EVID 15004 Matched RuleSub RuleMatched RuleInformation
V 2.0 EVID 15005 Matched Monitored RuleSub RuleMatched Monitored RuleInformation
V 2.0 EVID 15006 Matched Default RuleSub RuleMatched Default RuleInformation
V 2.0 EVID 15007 Policy Result Type UnmatchedSub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15008 Evaluating Svc Selection PolicySub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15009 Authorization Policy Not ConfigSub RulePolicy Not ConfiguredError
V 2.0 EVID 15010 Policy Not ConfiguredSub RulePolicy Not ConfiguredError
V 2.0 EVID 15011 Authorization Policy Not ConfigSub RulePolicy Not ConfiguredError
V 2.0 EVID 15012 Selected Access ServiceSub RuleAccess Service SelectedInformation
V 2.0 EVID 15013 Selected Identity SourceSub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15015 Could Not Find ID StoreSub RuleID Store Not FoundError
V 2.0 EVID 15016 Selected Authorization ProfileSub RuleAuthorization Profile SelectedInformation
V 2.0 EVID 15017 Selected Shell ProfileSub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15018 Selected Command SetSub RuleCommand Set SelectedInformation
V 2.0 EVID 15019 Authorization Profiles Not FindSub RuleAuthorization Profiles Not FoundError
V 2.0 EVID 15020 Shell Profiles Not FindSub RuleShell Profiles Not FoundError
V 2.0 EVID 15021 Command Set Not FindSub RuleCommand Set Not FoundWarning
V 2.0 EVID 15022 Access Service Not FindSub RuleAccess Service Not FoundError
V 2.0 EVID 15023 Could Not Match RuleSub RuleRule Not MatchedInformation
V 2.0 EVID 15024 PAP Not AllowedSub RulePAP Not AllowedInformation
V 2.0 EVID 15025 Policy Not ConfiguredSub RulePolicy Not ConfiguredError
V 2.0 EVID 15026 External Policy Server Not FoundSub RulePolicy Not ConfiguredError
V 2.0 EVID 15027 External Policy Server SelectedSub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15028 Sending Request To Ext. ServerSub RuleSending RequestInformation
V 20 EVID 15029 Attr Not Retrieve Frm Ext PolicySub RuleAttributes Not RetrievedError
V 2.0 EVID 15030 Misconfig Of Ext. Policy ServerSub RuleApparent MisconfigurationError
V 2.0 EVID 15031 Ext Policy Attributes RetrievedSub RuleAttributes RetrievedInformation
V 2.0 EVID 15032 Evaluating External Policy CheckSub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15033 Mapping Policy Not ConfiguredSub RulePolicy Not ConfiguredError
V 2.0 EVID 15034 Skip External Policy CheckSub RulePolicy Check SkippedWarning
V 2.0 EVID 15035 Evaluating Exception Auth PolicySub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15036 Evaluating Authorization PolicySub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15037 Access ServiceSub RuleAccess Service SelectedInformation
V 2.0 EVID 15038 Skipping External PolicySub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15039 Rejected Per Auth. ProfileSub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15040 Attribute Not Defined Cert.Sub RuleMissing AttributeWarning
V 2.0 EVID 15041 Evaluating Identity PolicySub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15042 No Rule Was MatchedSub RuleRule Not MatchedInformation
V 2.0 EVID 15043 Attribute Value UnavailableSub RuleMissing AttributeWarning
V 2.0 EVID 15044 Evaluating Group Mapping PolicySub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15045 CHAP Not AllowedSub RuleCHAP Not AllowedWarning
V2.0 EVID 15046 MS-CHAP V1 DisabledSub RuleProtocol DisabledInformation
V2.0 EVID 15047 MS-CHAP V2 DisabledSub RuleProtocol DisabledInformation
V 2.0 EVID 15048 Queried PIPSub RuleQuery InformationInformation
V 2.0 EVID 15049 Evaluating Policy GroupSub RuleEvaluating PolicyOther Audit
V 2.0 EVID 15050 Dev. Not Support Config Of VLANSub RuleCaution Message Concerning Vlan ConfigurationInformation
V 2.0 EVID 15051 Device Not Support Config Of ACLSub RuleUnsupported ACLWarning
V 2.0 EVID 15052 Authorization Profile Not SuitedSub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15053 N/W Access Dev. Not Support CoASub RuleGeneral Audit MessageOther Audit
V 2.0 EVID 15054 Sending SNMP SetSub RuleSNMPD Debug MessageInformation
V 2.0 EVID 15055 SNMP CoA FailedSub RuleSNMPD Debug MessageInformation
V 2.0 EVID 15056 Portal Settings UndefinedSub RuleInterface Configuration ErrorError

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
pri_numN/AN/APriority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value.
The facility code valid options are:
LOCAL0 (Code = 16)
LOCAL1 (Code = 17)
LOCAL2 (Code = 18)
LOCAL3 (Code = 19)
LOCAL4 (Code = 20)
LOCAL5 (Code = 21)
LOCAL6 (Code = 22; default)
LOCAL7 (Code = 23)
timeN/AN/ADate of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss.
IP address/hostnameN/AN/AIP address of the originating Cisco ISE node, or the hostname.
cat_name<vendorinfo>Text/StringLogging category name preceded by the CSCOxxx string.
msg_idN/AN/AUnique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted.
total_segN/AN/ATotal number of segments in a log message. Long messages are divided into more than one segment.
Note : The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings.
seg_numN/AN/ASegment sequence number within a message. Use this number to determine what segment of the message you are viewing.
timestampN/AN/ADate of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format : YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm.
sequence_numN/AN/AGlobal counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999.
msg_code<vmid>
<tag1>		NumberMessage code as defined in the logging categories.
msg_sev<severity>Text/StringMessage severity level of a log message.
msg_class<subject> Text/StringMessage class, which identifies groups of messages with the same context.
msg_text<action> Text/StringEnglish language descriptive text message.
Key1N/AN/AN/A
Key2N/AN/AN/A
ConfigVersionIdN/AN/AN/A
Device IP AddressN/AN/AN/A
UserName<login>Text/StringN/A
Protocol<protname>Text/StringN/A
RequestReceivedTimeN/AN/AN/A
PolicyTypeN/AN/AN/A
OriginalUserNameN/AN/AN/A
AcsSessionID<session>Text/StringN/A
SelectedAccessServiceN/AN/AN/A
SelectedAuthorizationProfilesN/AN/AN/A
IdentityPolicyMatchedRuleN/AN/AN/A
AuthorizationPolicyMatchedRuleN/AN/AN/A
CPMSessionIDN/AN/AN/A
ISEPolicySetName<policy>Text/StringN/A
IdentitySelectionMatchedRuleN/AN/AN/A
HostIdentityGroup<group>Text/StringN/A
NameN/AN/AN/A
Response<result>Text/StringN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close