List of Incident IDs
The following table provides a list of the incident IDs you can use in rules.
The incident IDs are grouped in numerical ranges as follows.
Incident Range | Description |
1-199 | Incidents related to the appliance system |
200-299 | Core subsystem incidents |
300-399 | Update module incidents |
400-499 | UCE-subscribed lists incidents |
500-599 | Log File Manager incidents |
600-699 | sysconfd daemon incidents |
700-799 | Proxy module incidents |
800-899 | Virus and malware filtering incidents |
900-999 | Authentication incidents |
1000-1099 | URL filtering incidents |
1100-1199 | Quota management incidents |
1200-1299 | SSL certificate incidents |
1300-1399 | ICAP client incidents |
1400-1499 | Media type filtering incidents |
1500-1599 | Opener incidents |
1600-1699 | SSL certificate chain incidents |
1700-1799 | User interface incidents |
1800-1849 | External lists incidents |
1850-1899 | Application filtering incidents |
1900-1999 | Data Loss Prevention (DLP) incidents |
2000-2099 | Streaming media filtering incidents |
2100-2199 | Media type filtering incidents |
2200-2299 | Dynamic Content Classifier incidents |
2300-2399 | Single sign-on service incidents |
2400-2499 | Cloud storage encryption incidents |
2500-2549 | Credential store incidents |
2550-2599 | Single Sign On (SSO) incidents |
2650-2699 | Cloud Access Security Broker (CASB) catalog incidents |
2800-2899 | Update Server Certificate Authority (CA) incidents |
3000-3200 | Central Management incidents |
3200-3399 | Web Hybrid incidents |
3400-3499 | Web SaaS connector incidents |
3500-3599 | Protocol Detector incidents |
List of incident IDs
Incident ID | Description | Origin | Number and Name | Severity |
5 | A rule that uses an incident property was executed. | 1 | System | 7 |
20 | RAID monitoring reported critical status or failure of one or more hard disks. | 1 | Health Monitor | 4 |
21 | S.M.A.R.T health check reported an error on an HDD hard disk. | 1 | Health Monitor | 4 |
22 | File system usage has exceeded a configured limit. | 1 | Health Monitor | 4 |
23 | Memory usage has exceeded a configured limit. | 1 | Health Monitor | 4 |
24 | System load has exceeded a configured limit. | 1 | Health Monitor | 4 |
26 | A check has been executed to detect a BBU RAID error. | 1 | Health Monitor | 4200 |
200 | The license expiration date has been checked. | 2 | Core | 6 |
201 | The appliance has successfully completed all FIPS 140-2 self-tests. | 2 | Core | 6 |
211 | The maximum number of entries in dashboard report x has been exceeded. | 2 | Statistics | 4 |
298 | Update of product x succeeded. | 2 | Core | 6 |
299 | Update of product x failed. | 2 | Core | 3 |
250 | An entry in a list is invalid and will be ignored. | 2 | Core | 3 |
301 | Download of update files was stopped because there is not enough disk space. | 3 | Updater | 3 |
302 | Download of product x failed on node y. | 3 | Updater | 3 |
303 | Update of product x failed on node y. | 3 | Updater | 3 |
304 | Status of product x on node y is up to date. | 3 | Updater | 3 |
305 | The update module could not connect to an update server. | 3 | Updater | 3 |
321 | Download of product x succeeded on node y. | 3 | Updater | 6 |
322 | Download of product x succeeded on node y. | 3 | Updater | 6 |
323 | Update of customer subscribed list x succeeded on node y. | 3 | Customer Subscribed List Manager | 6 |
324 | Update of customer subscribed list x failed on nodes y, z, ... | 3 | Customer Subscribed List Manager | 3 |
325 | Status of customer subscribed list x on node y is up to date. | 3 | Customer Subscribed List Manager | 6 |
326 | Download of customer subscribed list x failed on nodes y, z, ... | 3 | Customer Subscribed List Manager | 3 |
327 | Download of McAfee subscribed list x failed on nodes y, z, ... | 3 | Updater | 3 |
328 | Update of McAfee subscribed list x failed on nodes y, z, ... | 3 | Updater | 3 |
329 | Status of McAfee subscribed list x on nodes y, z, ... is up to date. | 3 | Updater | 6 |
330 | Update of McAfee subscribed list x succeeded on node y. | 3 | Updater | 6 |
331 | Processing scheduled job x succeeded | 3 | Scheduled Job Manager | 6 |
332 | Processing scheduled job x failed. | 3 | Scheduled Job Manager | 3 |
333 | Update of updatable system lists failed on node y. | 3 | Central Updater | 3 |
334 | Update of updatable system lists succeeded on node y. | 3 | Central Updater | 6 |
335 | Status of updatable system lists on node y is up to date. | 3 | Central Updater | 6 |
340-349 | Migration failed for different reasons. | 3 | Migration | 6 |
423 | Update of UCE-subscribed list x succeeded on node y. | 3 | UCE Subscribed Lists | 6 |
424 | Update of UCE-subscribed list x failed on node y. | 3 | UCE Subscribed Lists | 3 |
425 | Status of UCE-subscribed list x on node y is up to date. | 3 | UCE Subscribed Lists | 6 |
426 | Download of UCE subscribed list x failed on nodes y, z, ... | 3 | UCE Subscribed Lists | 3 |
500 | The log manager experienced an unrecoverable internal error and will terminate. | 5 | Log File Manager | 2 |
501 | Log File Manager failed to push log files. | 5 | Log File Manager | 3 |
600 | A yum update contained packages that require a restart of the appliance to become effective. | 6 | mwg-update | 4 |
601 | A yum update was successfully completed. | 6 | mwg-update | 5 |
602 | A yum update failed. | 6 | mwg-update | 3 |
620 | A major distribution upgrade was successfully completed. | 6 | mwg-dist-upgrade | 5 |
621 | A major distribution upgrade is in progress. The appliance will restart automatically. | 6 | mwg-dist-upgrade | 4 |
622 | A major distribution upgrade failed. Check the upgrade log file. | 6 | mwg-dist-upgrade | 3 |
666 | A FIPS 140-2 self-test failed on node y. The node is running in non-FIPS mode. | 1 | FIPS | 0 |
700 | The number of concurrent connections has exceeded the configured overload limit. The appliance has entered overload status. Requests sent to the appliance are accepted with delay. | 2 | Proxy | 2 |
701 | The appliance is in overload status for more than 30 seconds. Requests sent to the appliance are accepted with delay. | 2 | Proxy | 2 |
702 | The appliance has left overload status. Requests sent to the appliance are again accepted without delay. | 2 | Proxy | 4 |
703 | The number of concurrent connections has exceeded the configured high-load limit. The appliance has entered high-load status. Requests sent to the appliance are accepted with a delay. | 2 | Proxy | 4 |
704 | The appliance is in high-load status for more than 30 seconds. Requests sent to the appliance are accepted with a delay. | 2 | Proxy | 4 |
705 | The number of concurrent connections has dropped below 85 % of the configured high-load limit. The appliance is still in high-load status. Requests sent to the appliance are accepted with a delay. | 2 | Proxy | 6 |
710 | A next-hop proxy server is down and will not be available for n seconds. | 2 | Proxy | 4 |
711 | The appliance could not connect to a next-hop proxy server. | 2 | Proxy | 4 |
712 | A next-hop proxy server has moved back from error status to normal operation. | 2 | Proxy | 6 |
720 | The listener on IP address x, port y could not be opened. | 2 | Proxy | 2 |
730 | A changed proxy mode configuration requires a restart of the appliance. | 2 | Proxy | 2 |
740 | The number of concurrent connections has exceeded the overload limit that is configured for an IFP proxy. Overload status has been entered. New requests are not processed. | 2 | Proxy | 2 |
741 | Overload status lasts more than 30 seconds for an IFP proxy. New requests are not processed. | 2 | Proxy | 2 |
742 | Overload status has been left for an IFP proxy. Requests are again accepted without delay. | 2 | Proxy | 4 |
743 | The number of concurrent connections has exceeded the high-load limit that is configured for an IFP proxy. High-load status has been entered. New requests are not processed. | 2 | Proxy | 4 |
744 | High-load status lasts more than 30 seconds for an IFP proxy. New requests are not processed. | 2 | Proxy | 4 |
745 | The number of concurrent connections has dropped below 85 % of the high-load limit that is configured for an IFP proxy. High-load status is still on. Requests are accepted with a delay. | 2 | Proxy | 6 |
750 | A key for the HSM Agent could not be loaded due to an error on the appliance side. | 2 | Proxy | 2 |
751 | A key for the HSM Agent could not be loaded due to an error on the agent side. | 2 | Proxy | 2 |
752 | The ID of a key for an HSM Agent could not be retrieved due to an error on the appliance side. | 2 | Proxy | 2 |
753 | The ID of a key for an HSM Agent could not be retrieved due to an error on the agent side. | 2 | Proxy | 2 |
760 | The WCCP listener could not be started. | 2 | Proxy | 2 |
761 | WCCP could not start send and listener threads. | 2 | Proxy | 2 |
762 | WCCP could not resolve the router address <host>. | 2 | Proxy | 3 |
763 | WCCP could not join the multicast group <host>. | 2 | Proxy | 3 |
764 | An error occurred when reading WCCP sockets or writing to them. | 2 | Proxy | 3 |
765 | Authentication with the WCCP router <host> failed. | 2 | Proxy | 3 |
766 | WCCP message parsing failed and malformed packets were created. | 2 | Proxy | 3 |
767 | The WCCP service ID or group could not be found. | 2 | Proxy | 3 |
768 | A WCCP router for a service ID was added. | 2 | Proxy | 6 |
769 | A WCCP router for a service ID was removed. | 2 | Proxy | 6 |
850 | An update of the MGAM module for virus and malware filtering was successfully completed. | 2 | Anti-Malware Filter | 6 |
851 | An update of the MGAM module for virus and malware filtering failed. | 2 | Anti-Malware Filter | 3 |
852 | Download or verification of the update files for the MGAM module failed. | 2 | Anti-Malware Filter | 3 |
853 | The version of the MGAM module for virus and malware filtering is up to date. | 2 | Anti-Malware Filter | 6 |
854 | An update of the Avira module for virus and malware filtering was successfully completed. | 2 | Anti-Malware Filter | 6 |
855 | An update of the Avira module for virus and malware filtering failed. | 2 | Anti-Malware Filter | 3 |
856 | Download or verification of the update files for the Avira module failed. | 2 | Anti-Malware Filter | 3 |
857 | The version of the Avira module for virus and malware filtering is up to date. | 2 | Anti-Malware Filter | 6 |
901 | The appliance is connected to n servers for NTLM authentication in Windows domain x. | 2 | NTLM Authentication Filter | 6 |
902 | The appliance could not connect to n servers for NTLM authentication in Windows domain x. | 2 | NTLM Authentication Filter | 4 |
903 | The appliance could not contact Windows domain x for NTLM authentication. | 2 | NTLM Authentication Filter | 3 |
910 | The appliance is connected to the LDAP server with configuration ID n. | 2 | LDAP Authentication Filter | 6 |
912 | The appliance was disconnected from the LDAP server with configuration ID n. | 2 | LDAP Authentication Filter | 4 |
913 | The appliance could not connect to any LDAP server with configuration ID n. | 2 | LDAP Authentication Filter | 3 |
920 | A response has been received from RADIUS server x after attempting to start communication to retrieve information for authenticating users. | 2 | RADIUS Authentication Filter | 6 |
921 | A response has again been received from RADIUS server x after communication had been interrupted. | 2 | RADIUS Authentication Filter | 6 |
923 | An authentication request sent to RADIUS server x has led to a timeout. | 2 | RADIUS Authentication Filter | 3 |
931 | The appliance is connected to NTLM-Agent server x. | 2 | NTLM-Agent Authentication Filter | 6 |
932 | The appliance has been disconnected from NTLM-Agent server x. | 2 | NTLM-Agent Authentication Filter | 3 |
933 | The appliance could not connect to NTLM-Agent server x. | 2 | NTLM-Agent Authentication Filter | 3 |
940 | An update of a Certificate Revocation List was successfully completed. | 2 | Authentication Filter | 6 |
941 | An update of a Certificate Revocation List failed. | 2 | Authentication Filter | 4 |
942 | A download of a Certificate Revocation List failed. | 2 | Authentication Filter | 4 |
943 | The status of a Certificate Revocation List is up to date. | 2 | Authentication Filter | 6 |
1050 | An update of the URL Filter module was successfully completed. | 2 | URL Filter | 6 |
1051 | An update of the URL Filter module failed. | 2 | URL Filter | 3 |
1052 | Download or verification of update files for the URL Filter module failed. | 2 | URL Filter | 3 |
1053 | Status of the URL Filter module is up to date. | 2 | URL Filter | 6 |
1650 | An updated Certificate Revocation List was downloaded and loaded successfully. | 2 | Certificate Chain Filter | 6 |
1651 | An updated Certificate Revocation List was downloaded, but could not be loaded. | 2 | Certificate Chain Filter | 4 |
1652 | An updated Certificate Revocation List could not be downloaded. | 2 | Certificate Chain Filter | 3 |
1653 | Status of all Certificate Revocation Lists is up to date. | 2 | Certificate Chain Filter | 6 |
1700 | An admin user logged on successfully to the user interface. | 7 | User interface | 4 |
1701 | Logon of an admin user to the user interface failed. | 7 | User interface | 3 |
1702 | The IP address of a client that an end user sent a request from changed. | 7 | User interface | 4 |
1703 | An admin user logged off successfully from the user interface. | 7 | User interface | 6 |
1704 | A logoff from the user interface was forced upon an admin user after a restart of an appliance, a timeout, or a similar incident had occurred. | 7 | User interface | 6 |
1710 | An admin user saved changes successfully. | 7 | User interface | 6 |
1711 | An attempt by an admin user to save changes failed. | 7 | User interface | 3 |
1800 | The number of entries that can be retrieved from an external list has exceeded the configured limit. |
2 | External Lists Filter | 4 |
1801 | The amount of data of entries that can be retrieved from an external list has exceeded the configured limit. | 2 | External Lists Filter | 4 |
1802 | An error occurred when data was retrieved from an external list. | 2 | External Lists Filter | 4 |
1803 | An error occurred when data that had been retrieved from an external list was converted. | 2 | External Lists Filter | 4 |
1804 | A time-out occurred when data was retrieved from an external list. | 2 | External Lists Filter | 4 |
1805 | Permission to retrieve data from an external list was denied. | 2 | External Lists Filter | 4 |
1806 | A resource for retrieving external list data could not be found. | 2 | External Lists Filter | 4 |
1850 | An update of the database for application filtering was successfully completed. | 2 | Application Control | 6 |
1851 | An update of the database for application filtering failed. | 2 | Application Control | 3 |
1852 | A download of the database for application filtering failed. | 2 | Application Control | 3 |
1853 | Status of the database for application filtering is up to date. | 2 | Application Control | 6 |
1854 | Loading the database for application filtering failed. | 2 | Application Control | 3 |
1855 | Loading the database for application filtering was successfully completed. | 2 | Application Control | 6 |
1950 | An update of the Data Loss Prevention (DLP) module was successfully completed. | 2 | Data Loss Prevention | 6 |
1951 | An update of the Data Loss Prevention (DLP) module failed. | 2 | Data Loss Prevention | 3 |
1952 | Download or verification of the update files for the Data Loss Prevention (DLP) module failed. | 2 | Data Loss Prevention | 3 |
1953 | Status of the Data Loss Prevention (DLP) is up to date. | 2 | Data Loss Prevention | 6 |
2001 | An error occurred with the Stream Detector module. | 2 | Stream Detector | 2 |
2101 | The database for media type filtering could not be loaded. | 2 | Media Type Filter | 2 |
2200 | An update of the Dynamic Content Classifier was successfully completed. | 2 | Dynamic Content Classifier | 6 |
2201 | An update of the Dynamic Content Classifier failed. | 2 | Dynamic Content Classifier | 3 |
2202 | A download or verification of the update files for the Dynamic Content Classifier failed. | 2 | Dynamic Content Classifier | 3 |
2203 | Status of the Dynamic Content Classifier is up to date. | 2 | Dynamic Content Classifier | 6 |
2350 | An update of the files for the single sign-on process was successfully completed. | 3 | Single Sign On Service | 6 |
2351 | An update of the files for the single sign-on process failed. | 3 | Single Sign On Service | 3 |
2352 | A download or verification of the updated files for the single sign-on process failed. | 3 | Single Sign On Service | 3 |
2353 | Status of the files for the single sign-on process are up to date. | 3 | Single Sign On Service | 6 |
2401 | Failed to load services database. This incident is reported when the Cloud Storage Encryption module cannot load files with a description of supported cloud storage services. | 3 | Cloud Storage Encryption | 2 |
2501 | CFM error A CFM error occurred. | 2 | SSOS Filter | 6 |
2502 | MAS export incident Export of data from the credential store failed. | 2 | SSOS Filter | 6 |
2503 | MAS store import incident Import of data into the credential store failed. | 2 | SSOS Filter | 6 |
2550 | SSO update success The SSO module was successfully updated. | 2 | SSOS Filter | 6 |
2551 | SSO update failure The SSO module could not successfully be updated. See the errors log for more details. | 2 | SSOS Filter | 6 |
2552 | SSO download failed Files could not successfully be downloaded from the SSO server. | 2 | SSOS Filter | 3 |
2553 | SSO catalog up to date There is no new version of the SSO files on the update server. | 2 | SSOS Filter | 6 |
2650 | CASB catalog update success The CASB connector catalog was successfully updated. | 2 | SSOS Filter | 6 |
2651 | CASB catalog update failure The CASB connector catalog could not successfully be updated. See the errors log for more details. | 2 | SSOS Filter | 3 |
2652 | CASB catalog download failed CASB connector catalog files could not successfully be downloaded from the update server. | 2 | SSOS Filter | 3 |
2653 | CASB catalog up to date There is no new version of the CASB connector catalog files on the update server. | 2 | SSOS Filter | 6 |
2800 | The Update Certificate Authorities (CAs) are up to date. | 2 | Update CA plugin | 6 |
2801 | A download of the Update Certificate Authorities (CAs) failed. | 2 | Update CA plugin | 3 |
2802 | The Update Certificate Authorities (CAs) were successfully updated. | 2 | Update CA plugin | 6 |
2803 | An update of the Update Certificate Authorities (CAs) failed. | 2 | Update CA plugin | 3 |
3000 | At least one node in a Central Management configuration is not in synchronized status (with regard to storage and configuration). The number of unsynchronized nodes changes. This incident is only recorded on the root node. | 3 | Central Management | 3 |
3001 | After incident 3000 occurred, all nodes in a Central Management configuration are again in synchronized status (with regard to storage and configuration). | 3 | Central Management | 3 |
3005 | At least one node in a Central Management configuration did not respond properly after shared data had been sent out. The number of nodes not properly responding changes. This incident is only recorded on the root node and only if the shared data was intended for all nodes. | 3 | Central Management | 2 |
3006 | After incident 3004 occurred, all nodes in a Central Management configuration responded properly again to the sending of shared data. | 3 | Central Management | 6 |
3200 | Sending lists to McAfee Web Gateway Cloud Service was successfully completed. | 3 | Web Hybrid | 6 |
3201 | Sending lists to McAfee Web Gateway Cloud Service failed. | 3 | Web Hybrid | 3 |
3205 | Lists were successfully downloaded from McAfee Web Gateway Cloud Service and stored. | 3 | Web Hybrid | 6 |
3206 | Lists could not be downloaded from McAfee Web Gateway Cloud Service and stored. | 3 | Web Hybrid | 3 |
3210 | Synchronization status could not be determined. | 3 | Web Hybrid | 3 |
3211 | An error occurred with the API for McAfee Web Gateway Cloud Service, for example, a mismatch of the API version. | 3 | Web Hybrid | 3 |
3250 | Status of synchronization with McAfee Web Gateway Cloud Service is OK. | 3 | Web Hybrid | 6 |
3300 | The list for Web Service Access is not available for an unknown reason. | 2 | Web Hybrid | 2 |
3301 | The list for Web Service Access does not exist. | 2 | Web Hybrid | 2 |
3302 | The settings for Web Service Access are not available for an unknown reason. | 2 | Web Hybrid | 2 |
3303 | The settings for Web Service Access do not exist. | 2 | Web Hybrid | 2 |
3400 | A policy could not be synchronized to McAfee Web Gateway Cloud Service. | 8 | SaaS Connector | 3 |
3500 | The Protocol Detector rule set could not be found and loaded. | 2 | Protocol Detector Filter | 3 |
3501 | The Protocol Detector rule set was broken or corrupt and could not be loaded. |
2 | Protocol Detector Filter | 2 |