Cisco ICS assigns more than one severity level to certain incidents and events. This appendix classifies the following events and incidents by severity level:

| Event | Severity |
|---|---|
| The Cisco ICS service stopped for an unknown reason. | Error |
| The Cisco ICS administrator added, modified, or deleted an account. | Notice |
| The Cisco ICS administrator tried to but could not add or modify an account. | Error |
| A user added or removed a device. | Notice |
| The device license expired and all tasks applied to it stopped. | Notice |
| A DCS server registered to Cisco ICS. | Notice |
| A DCS server reregistered to Cisco ICS. | Notice |
| A DCS server was removed. | Notice |
| A DCS server was manually unregistered from Cisco ICS. | Notice |
| An OfficeScan server was added. | Notice |
| An OfficeScan server was removed. | Notice |
| Manual database backup was completed. | Notice |
| Manual database backup attempt was unsuccessful. | Error |
| Scheduled database backup was completed. | Notice |
| Scheduled database backup attempt was unsuccessful. | Error |
| Manual Log Deletion | Notice |
| Scheduled Log Deletion | Notice |

Table C-2 Outbreak Event Severity Levels

| Outbreak Events | Severity |
|---|---|
| A user created or modified a new outbreak management task. | Notice |
| A user tried to create or modify a new outbreak management task but could not for an unknown reason, or because the maximum number of tasks (32) was exceeded. | |
| Cisco ICS tried to download a component but could not because the component was up-to-date. For more information, see About Cisco ICS Components, page 1-3. | Notice |
| Cisco ICS tried to download a component but could not because of an error, such as a network connection problem, invalid file type, or HTTP timeout. For more information, see About Cisco ICS Components, page 1-3. | |
| Cisco ICS tried to deploy a component but could not because the device was offline. For more information, see About Cisco ICS Components, page 1-3. | Notice |
| Cisco ICS tried to deploy a component but could not because of an error; for example, the device was not online, or interfaces or VLANs were not selected. For more information, see About Cisco ICS Components, page 1-3. | Error |

Table C-5 Connection Status Event Severity Levels

| Connection Status Events | Severity |
|---|---|
| Cisco ICS started or completed a manual or scheduled connection verification to a device. | Info |
| Cisco ICS was unable to connect to the device. | Error |
| Cisco ICS received a notification that a DCS server started. | Info |
| Cisco ICS received a notification that a DCS server stopped. | Notice |

Table C-6 Host Event Severity Levels

| Host Event | Severity |
|---|---|
| Cisco ICS received a host cleanup notification from a DCS server. (The cleanup might or might not have been successful.) | Info |
| A DCS server cleaned a host and the host was not automatically removed from the watch list. | Info |
| A user removed a host from a watch list. | Info |
| Cisco ICS removed a host from a watch list automatically after the host was cleaned. | Info |

Table C-7 Incident Severity Levels

| Incidents | Severity |
|---|---|
| An IPS device detects traffic matching an OPSig. | Alert |
| A device detects traffic matching an OPACL. | Notice |
| The DCS server ran cleanup on a host that was already clean. | Info |
| An IPS device detected a virus and the DCS server cleaned the infected host. | Info |
| An IPS device detected a virus but the DCS server could not clean the infected host. | Alert |
| The DCS server could not access an infected host. | Error |
| An IPS device detected a virus but the DCS server took no action. | |