Cisco Defense Orchestrator

EventGroup and EventGroupDefinition Attributes for Some Syslog Messages

Some syslog events carry two additional attributes, “EventGroup” and “EventGroupDefinition”. You can filter the events table on these attributes by entering attribute:value pairs. For example, you could filter for Application Firewall events by entering apfw:415* in the search field of the Event Logging table.

Syslog Message Classes and Associated Message ID Numbers

| EventGroup | EventGroupDefinition | Syslog Message ID Numbers (first 3 digits) |
|---|---|---|
| aaa/auth | User Authentication | 109, 113 |
| acl/session | Access Lists/User Session | 106 |
| apfw | Application Firewall | 415 |
| bridge | Transparent Firewall | 110, 220 |
| ca | PKI Certification Authority | 717 |
| citrix | Citrix Client | 723 |
| clst | Clustering | 747 |
| cmgr | Card Management | 323 |
| config | Command Interface | 111, 112, 208, 308 |
| csd | Secure Desktop | 724 |
| cts | Cisco TrustSec | 776 |
| dap | Dynamic Access Policies | 734 |
| eap, eapoudp | EAP or EAPoUDP for Network Admission Control | 333, 334 |
| eigrp | EIGRP Routing | 336 |
| email | E-mail Proxy | 719 |
| ipaa/envmon | Environment Monitoring | 735 |
| ha | Failover | 101, 102, 103, 104, 105, 210, 311, 709 |
| idfw | Identity-based Firewall | 746 |
| ids | Intrusion Detection System | 733 |
| ids/ips | Intrusion Detection System / Intrusion Protection System | 400 |
| ikev2 | IKEv2 Toolkit | 750, 751, 752 |
| ip | IP Stack | 209, 215, 313, 317, 408 |
| ipaa | IP Address Assignment | 735 |
| ips | Intrusion Protection System | 401, 420 |
| ipv6 | IPv6 | 325 |
| l4tm | Block lists, Allow lists, grey lists | 338 |
| lic | Licensing | 444 |
| mdm-proxy | MDM Proxy | 802 |
| nac | Network Admission Control | 731, 732 |
| vpn/nap | IKE and IPsec / Network Access Point | 713 |
| np | Network Processor | 319 |
| ospf | OSPF Routing | 318, 409, 503, 613 |
| passwd | Password Encryption | 742 |
| pp | Phone Proxy | 337 |
| rip | RIP Routing | 107, 312 |
| rm | Resource Manager | 321 |
| sch | Smart Call Home | 120 |
| session | User Session | 108, 201, 202, 204, 302, 303, 304, 314, 405, 406, 407, 500, 502, 607, 608, 609, 616, 620, 703, 710 |
| snmp | SNMP | 212 |
| ssafe | ScanSafe | 775 |
| ssl/np ssl | SSL Stack/NP SSL | 725 |
| svc | SSL VPN Client | 722 |
| sys | System | 199, 211, 214, 216, 306, 307, 315, 414, 604, 605, 606, 610, 612, 614, 615, 701, 711, 741 |
| tre | Transactional Rule Engine | 780 |
| ucime | UC-IME | 339 |
| tag-switching | Service Tag Switching | 779 |
| td | Threat Detection | 733 |
| vm | VLAN Mapping | 730 |
| vpdn | PPTP and L2TP Sessions | 213, 403, 603 |
| vpn | IKE and IPsec | 316, 320, 402, 404, 501, 602, 702, 713, 714, 715 |
| vpnc | VPN Client | 611 |
| vpnfo | VPN Failover | 720 |
| vpnlb | VPN Load Balancing | 718 |
| vxlan | VXLAN | 778 |
| webfo | WebVPN Failover | 721 |
| webvpn | WebVPN and AnyConnect Client | 716 |
| session/natpat | User Session / NAT and PAT | 305 |
