
Illumio Core 23.2 Administration Guide

List of Event Types

The following table lists the types of JSON events that are generated and describes each one. For each of these events, the corresponding CEF/LEEF success and failure events are named by appending .success or .failure to the event name.

For example, the CEF/LEEF success event for agent.activate is agent.activate.success and the failure event is agent.activate.failure.

Each event can generate a variety of notification messages. See Notification Messages in Events.

JSON Event Type

Description

access_restriction.create

Access restriction created

access_restriction.delete

Access restriction deleted

access_restriction.update

Access restriction updated

agent.activate

Agent paired

agent.activate_clone

Agent clone activated

agent.clone_detected

Agent clone detected

agent.deactivate

Agent unpaired

agent.generate_maintenance_token

Generate maintenance token for any agent

agent.goodbye

Agent disconnected

agent.machine_identifier

Agent machine identifiers updated

agent.refresh_token

Agent refreshed token

agent.refresh_policy

Success or failure to apply policy on VEN

agent.request_upgrade

VEN upgrade request sent

agent.service_not_available

Agent reported a service not running

agent.suspend

Agent suspended

agent.tampering

Agent firewall tampered

agent.unsuspend

Agent unsuspended

agent.update

Agent properties updated

agent.update_interactive_users

Agent interactive users updated

agent.update_iptables_href

Agent updated existing iptables href

agent.update_running_containers

Agent updated existing containers

agent.upload_existing_ip_table_rules

Agent existing IP tables uploaded

agent.upload_support_report

Agent support report uploaded

agent_support_report_request.create

Agent support report request created

agent_support_report_request.delete

Agent support report request deleted

agents.clear_conditions

Condition cleared from a list of VENs

agents.unpair

Multiple agents unpaired

api_key.create

API key created

api_key.delete

API key deleted

api_key.update

API key updated

auth_security_principal.create

RBAC auth security principal created

auth_security_principal.delete

RBAC auth security principal deleted

auth_security_principal.update

RBAC auth security principal updated

authentication_settings.update

Authentication settings updated

cluster.create

PCE cluster created

cluster.delete

PCE cluster deleted

cluster.update

PCE cluster updated

container_workload.update

Container workload updated

container_cluster.create

Container cluster created

container_cluster.delete

Container cluster deleted

container_cluster.update

Container cluster updated

container_cluster.update_label_map

Container cluster label mappings updated all at once

container_cluster.update_services

Container cluster services updated, created, or deleted by Kubelink

container_workload_profile.create

Container workload profile created

container_workload_profile.delete

Container workload profile deleted

container_workload_profile.update

Container workload profile updated

database.temp_table_autocleanup_started

DB temp table cleanup started

database.temp_table_autocleanup_completed

DB temp table cleanup completed

domain.create

Domain created

domain.delete

Domain deleted

domain.update

Domain updated

enforcement_boundary.create

Enforcement boundary created

enforcement_boundary.delete

Enforcement boundary deleted

enforcement_boundary.update

Enforcement boundary updated

event_settings.update

Event settings updated

firewall_settings.update

Global policy settings updated

group.create

Group created

group.update

Group updated

ip_list.create

IP list created

ip_list.delete

IP list deleted

ip_list.update

IP list updated

ip_lists.delete

IP lists deleted

ip_tables_rule.create

IP tables rules created

ip_tables_rule.delete

IP tables rules deleted

ip_tables_rule.update

IP tables rules updated

job.delete

Job deleted

label.create

Label created

label.delete

Label deleted

label.update

Label updated

label_group.create

Label group created

label_group.delete

Label group deleted

label_group.update

Label group updated

labels.delete

Labels deleted

ldap_config.create

LDAP configuration created

ldap_config.delete

LDAP configuration deleted

ldap_config.update

LDAP configuration updated

ldap_config.verify_connection

LDAP server connection verified

license.delete

License deleted

license.update

License updated

login_proxy_ldap_config.create

Interservice call to login service to create LDAP config

login_proxy_ldap_config.delete

Interservice call to login service to delete LDAP config

login_proxy_ldap_config.update

Interservice call to login service to update LDAP config

login_proxy_ldap_config.verify_connection

Interservice call to login service to verify connection to the LDAP server

login_proxy_msp_tenants.create

New MSP tenant created

login_proxy_msp_tenants.delete

MSP tenant deleted

login_proxy_msp_tenants.update

MSP tenant updated

login_proxy_orgs.create

New managed organization created

login_proxy_orgs.delete

Managed organization deleted

login_proxy_orgs.update

Managed organization updated

lost_agent.found

Lost agent found

network.create

Network created

network.delete

Network deleted

network.update

Network updated

network_device.ack_enforcement_instructions_applied

Enforcement instruction applied to a network device

network_device.assign_workload

Existing or new unmanaged workload assigned to a network device

network_device.create

Network device created

network_device.delete

Network device deleted

network_device.update

Network device updated

network_devices.ack_multi_enforcement_instructions_applied

Enforcement instructions applied to multiple network devices

network_endpoint.create

Network endpoint created

network_endpoint.delete

Network endpoint deleted

network_endpoint.update

Network endpoint updated

network_enforcement_node.activate

Network enforcement node activated

network_enforcement_node.clear_conditions

Network enforcement node conditions cleared

network_enforcement_node.deactivate

Network enforcement node deactivated

network_enforcement_node.degraded

Network enforcement node failed or primary lost connectivity to secondary

network_enforcement_node.missed_heartbeats

Network enforcement node did not heartbeat for more than 15 minutes

network_enforcement_node.missed_heartbeats_check

Network enforcement node missed heartbeats check

network_enforcement_node.network_devices_network_endpoints_workloads

Workload added to network endpoint

network_enforcement_node.policy_ack

Network enforcement node acknowledgment of policy

network_enforcement_node.request_policy

Network enforcement node policy requested

network_enforcement_node.update

Updated the target PCE of the network enforcement node

network_enforcement_node.update_status

Network enforcement node reports when switches are not reachable

network_enforcement_nodes.clear_conditions

A condition was cleared from a list of network enforcement nodes

nfc.activate

Network function controller created

nfc.delete

Network function controller deleted

nfc.update_discovered_virtual_servers

Network function controller virtual servers discovered

nfc.update_policy_status

Network function controller policy status

nfc.update_slb_state

Network function controller SLB state updated

org.create

Organization created

org.recalc_rules

Rules for organization recalculated

org.update

Organization information updated

pairing_profile.create

Pairing profile created

pairing_profile.create_pairing_key

Pairing profile pairing key created

pairing_profile.delete

Pairing profile deleted

pairing_profile.update

Pairing profile updated

pairing_profile.delete_all_pairing_keys

Pairing keys deleted from pairing profile

pairing_profiles.delete

Pairing profiles deleted

password_policy.create

Password policy created

password_policy.delete

Password policy deleted

password_policy.update

Password policy updated

permission.create

RBAC permission created

permission.delete

RBAC permission deleted

permission.update

RBAC permission updated

radius_config.create

Create domain RADIUS configuration

radius_config.delete

Delete domain RADIUS configuration

radius_config.update

Update domain RADIUS configuration

radius_config.verify_shared_secret

Verify RADIUS shared secret

request.authentication_failed

API request authentication failed

request.authorization_failed

API request authorization failed

request.internal_server_error

API request failed due to internal server error

request.service_unavailable

API request failed due to unavailable service

request.unknown_server_error

API request failed due to unknown server error

resource.create

Login resource created

resource.delete

Login resource deleted

resource.update

Login resource updated

rule_set.create

Rule set created

rule_set.delete

Rule set deleted

rule_set.update

Rule set updated

rule_sets.delete

Rule sets deleted

saml_acs.update

SAML assertion consumer services updated

saml_config.create

SAML configuration created

saml_config.delete

SAML configuration deleted

saml_config.pce_signing_cert

Generate a new cert for signing SAML AuthN requests

saml_config.update

SAML configuration updated

saml_sp_config.create

SAML Service Provider created

saml_sp_config.delete

SAML Service Provider deleted

saml_sp_config.update

SAML Service Provider updated

sec_policy.create

Security policy created

sec_policy_pending.delete

Pending security policy deleted

sec_policy.restore

Security policy restored

sec_rule.create

Security policy rules created

sec_rule.delete

Security policy rules deleted

sec_rule.update

Security policy rules updated

secure_connect_gateway.create

SecureConnect gateway created

secure_connect_gateway.delete

SecureConnect gateway deleted

secure_connect_gateway.update

SecureConnect gateway updated

security_principal.create

RBAC security principal created

security_principal.delete

RBAC security principal bulk deleted

security_principal.update

RBAC security principal bulk updated

security_principals.bulk_create

RBAC security principals bulk created

service.create

Service created

service.delete

Service deleted

service.update

Service updated

service_account.create

Service account created

service_account.delete

Service account deleted

service_account.update

Service account updated

service_binding.create

Service binding created

service_binding.delete

Service binding deleted

service_bindings.delete

Service bindings deleted

service_bindings.delete

Service binding deleted

services.delete

Services deleted

settings.update

Explorer settings updated

slb.create

Server load balancer created

slb.delete

Server load balancer deleted

slb.update

Server load balancer updated

support_report.upload

Support report uploaded

syslog_destination.create

Syslog remote destination created

syslog_destination.delete

Syslog remote destination deleted

syslog_destination.update

Syslog remote destination updated

system_task.agent_missed_heartbeats_check

Agent missed heartbeats

system_task.agent_missing_heartbeats_after_upgrade

VEN missing heartbeat after upgrade

system_task.agent_offline_check

Agents marked offline

system_task.agent_self_signed_certs_check

VEN self-signed certificate housekeeping check

system_task.agent_settings_invalidation_error_state_check

VEN settings invalidation error state check

system_task.agent_uninstall_timeout

VEN uninstall timeout

system_task.clear_auth_recover_condition

Clear VEN authentication recovery condition

system_task.compute_policy_for_unmanaged_workloads

Compute policy for unmanaged workloads

system_task.delete_expired_service_account_api_keys

An expired service account api_key was successfully deleted

system_task.delete_old_cached_perspectives

Delete old cached perspectives

system_task.endpoint_offline_check

Endpoint marked offline

system_task.provision_container_cluster_services

Container cluster services provisioned

system_task.prune_old_log_events

Event pruning completed

system_task.remove_stale_zone_subsets

Stale zone subnets removed

system_task.set_server_sync_check

Set server synced

system_task.vacuum_deactivated_agent_and_deleted_workloads

Deactivated and deleted workloads have been vacuumed

traffic_collector_setting.create

Traffic collector setting created

traffic_collector_setting.delete

Traffic collector setting deleted

traffic_collector_setting.update

Traffic collector setting updated

trusted_proxy_ips.update

Trusted proxy IPs created or updated

user.accept_invitation

User invitation accepted

user.authenticate

User authenticated

user.create

User created

user.delete

User deleted

user.invite

User invited

user.login

User logged in

user.login_session_terminated

User login session terminated

user.logout

User logged out

user.pce_session_terminated

User session terminated

user.reset_password

User password reset

user.sign_in

User session created

user.sign_out

User session terminated

user.update

User information updated

user.update_password

User password updated

user.use_expired_password

User entered expired password

user.verify_mfa

User verified MFA

users.auth_token

Auth token returned for user authentication on PCE

user_local_profile.create

User local profile created

user_local_profile.delete

User local profile deleted

user_local_profile.reinvite

User local profile reinvited

user_local_profile.update_password

User local password updated

ven_settings.update

VEN settings updated

ven_software.upgrade

VEN software release upgraded

ven_software_release.create

VEN software release created

ven_software_release.delete

VEN software release deleted

ven_software_release.deploy

VEN software release deployed

ven_software_release.update

VEN software release updated

ven_software_releases.set_default_version

Default VEN software version set

virtual_server.create

Virtual server created

virtual_server.delete

Virtual server deleted

virtual_server.update

Virtual server updated

virtual_service.create

Virtual service created

virtual_service.delete

Virtual service deleted

virtual_service.update

Virtual service updated

virtual_services.bulk_create

Virtual services created in bulk

virtual_services.bulk_update

Virtual services updated in bulk

vulnerability.create

Vulnerability record created

vulnerability.delete

Vulnerability record deleted

vulnerability.update

Vulnerability record updated

vulnerability_report.delete

Vulnerability report deleted

vulnerability_report.update

Vulnerability report updated

workload.create

Workload created

workload.delete

Workload deleted

workload.online

Workload online

workload.recalc_rules

Workload policy recalculated

workload.redetect_network

Workload network redetected

workload.undelete

Workload undeleted

workload.update

Workload settings updated

workload.upgrade

Workload upgraded

workload_interface.create

Workload interface created

workload_interface.delete

Workload interface deleted

workload_interface.update

Workload interface updated

workload_interfaces.update

Workload interfaces updated. For example, IP address changes, new interface added, and interface shut down.

workload_service_report.update

Workload service report updated

workload_settings.update

Workload settings updated

workloads.apply_policy

Workload policies applied

workloads.bulk_create

Workloads created in bulk

workloads.bulk_delete

Workloads deleted in bulk

workloads.bulk_update

Workloads updated in bulk

workloads.remove_labels

Workload labels removed

workloads.set_flow_reporting_frequency

Workload flow reporting frequency changed

workloads.set_labels

Workload labels applied

workloads.unpair

Workloads unpaired

workloads.update

Workloads updated

Notification Messages in Events

Events can generate a variety of notifications that are appended after the event type:

  • agent.clone_detected

  • agent.fw_state_table_threshold_exceeded

  • agent.missed_heartbeats

  • agent.missing_heartbeats_after_upgrade

  • agent.policy_deploy_failed

  • agent.policy_deploy_succeeded

  • agent.process_failed

  • agent.service_not_available

  • agent.upgrade_requested

  • agent.upgrade_successful

  • agent.upgrade_time_out

  • container_cluster.duplicate_machine_id

  • container_cluster.region_mismatch

  • container_workload.invalid_pairing_config

  • container_workload.not_created

  • database.temp_table_autocleanup_completed

  • database.temp_table_autocleanup_started

  • hard_limit.exceeded

  • pce.application_started

  • pce.application_stopped

  • remote_syslog.reachable

  • remote_syslog.unreachable

  • request.authentication_failed

  • request.authorization_failed

  • request.internal_server_error

  • request.invalid

  • request.service_unavailable

  • request.unknown_server_error

  • sec_policy.restore

  • soft_limit.exceeded

  • system_task.event_pruning_completed

  • system_task.hard_limit_recovery_completed

  • user.csrf_validation_failed

  • user.login_failed

  • user.login_failure_count_exceeded

  • user.login_session_created

  • user.login_session_terminated

  • user.pce_session_created

  • user.pce_session_terminated

  • user.pw_change_failure

  • user.pw_changed

  • user.pw_complexity_not_met

  • user.pw_reset_completed

  • user.pw_reset_requested

  • virtual_service.not_created

  • workload.duplicate_interface_reported

  • workload.nat_rules_present

  • workload.offline_after_ven_goodbye

  • workload.online

  • workload.oob_policy_changes

  • workload.partial_policy_delivered

  • workload.update_mismatched_interfaces

  • workloads.flow_reporting_frequency_updated