Showing results for 
Search instead for 
Did you mean: 
Level 9

Looking for ICAP Incident ID Descriptions

Hello everyone,

I've recently configured the Incident Notification rule set as documented in Best Practice doc 4837.  That doc references Doc 7068 which has some support recommendations for Incidents to notify on but it is minimal.  I've also looked at the actual 7.4 and 7.5 documentation and it too is lacking.  What I am looking for is ICAP client incident ID descriptions - the actual documentation says those incident IDs = 1300-1399.  That's a lot of numbers with no detail/description on any of them.  Does any one know of a reference doc anywhere that details the additional Incident ID descriptions discussed but not documented?  BTW - I have googled the heck out of this and can't find anything but vague references to ICAP incidents.

Thank you,


0 Kudos
2 Replies
McAfee Employee

Re: Looking for ICAP Incident ID Descriptions

Hi again Claire!

At the moment there actually isnt any incidents for "ICAP Client". I think that this was blocked off for future use.

A future use case I would dream of would be, "The MWG tested the ICAP server, and the ICAP server returned an weird response -- Incident ID 1300".

The only available option would be to track any Errors that are encountered for ICAP related Error.IDs.

ICAP client related errors would include:

16000 - NoICAPServerAvailable - No ICAP server available from service: $list$

16001 - NoRespModPropInReqMod - The property $propName$ cannot be calculated in the request cycle

16002 - ICAPBadResponse - ICAP client filter error: ICAP server send bad response.

16003 - ICAPMaxConnectionLimit - ICAP client filter error: Maximum connection limit reached.

16004 - ICAPCannotConnectToServer - ICAP client filter error: Cannot connect to ICAP server.

16005 - ICAPCommunicationFailure - ICAP client filter error: Communication failure with ICAP server.

The above Errors would be something like: "We (MWG the ICAP client) sent a user request to the ICAP server, and there was a bad response -- Error.ID 16002".

Unfortunately "Errors" are not apart of the Notification ruleset (yet). I definitely did want to include this, however Incidents and Errors are a bit different in how an admin would want to know about them.

For clarification "Errors" are something a user encountered. Incidents are something that the MWG encountered.

Best Regards,


0 Kudos
Level 9

Re: Looking for ICAP Incident ID Descriptions

Hi Jon,

Got it.  Thank you.  Created some error handling rules to alert on ICAP error IDs - we'll see if they work.  Kind of hesitate to force an error just to see but would hate for an error to occur and my rules not kick off.  I will ponder for a while.

Thanks again,


0 Kudos